Based on my experiences, it seems like more in the business world are turning to Skype for phone calls, especially international calls, on both computers and on mobile devices. If you are one of those Skype users and also use Skype on your Android phone or tablet, your device may be at risk.
A bug that allows an attacker to bypass the lock screen function was discovered in the Skype update version 184.108.40.20673 – which was just released this week. Normally, the most basic security rule is to always update immediately to the newest version of any software or app because it is supposed to fix security vulnerabilities. Apparently, this time the bug came with the update. The bug was discovered by “Pulser,” the developer administrator for XDA-Developers Forum. According to InformationWeek:
The attack works by sending a Skype call to the target device, Pulser explained, which will cause it to wake, ring, and display a prompt on the screen to answer or reject the call. After the call is accepted via the green answer button, the attacker must then end the call, which will cause the target device to again display the lock screen. But turning off that lock screen — by tapping the power button once — and then turning it back on again will then bypass the lock screen. “It will remain bypassed until the device is rebooted,” Pulser explained, thus giving a would-be attacker full access to the device.
The bug was found to affect the Sony Experia Z, the Samsung Galaxy Note 2 and the Huawei Premia 4G Android devices.
Lock screen bugs are a reoccurring problem. Lee Cocking, vice president of strategy for mobile security firm Fixmo, said in InfoWorld:
“To me this speaks of overall security architecture issues with the platform, or at least with how background processes such as VoIP (Voice over IP) applications interact with the platform.”
If you regularly use Skype or a similar platform for enterprise use, you can take a couple of steps to make sure your device isn’t being accessed by a hacker. One way is to make sure your device has multiple layers of security. Use tools that allow you to isolate apps from any corporate-related data. And make sure that your device is updated to the latest Android version.