Skype Android app: personal data hack revealed

Warning: Creating default object from empty value in /var/www/apps/stdev/speedtest/public_html/components/com_k2/models/item.php on line 274
No valid database connection Incorrect DATETIME value: '0000-00-00 00:00:00' SQL=SELECT i.*, c.alias as categoryalias FROM jos_k2_items as i LEFT JOIN jos_k2_categories c ON c.id = i.catid WHERE i.published = 1 AND ( i.publish_up = '0000-00-00 00:00:00' OR i.publish_up <= '2025-03-12 14:34:08' ) AND ( i.publish_down = '0000-00-00 00:00:00' OR i.publish_down >= '2025-03-12 14:34:08' ) AND i.access <= 0 AND i.trash = 0 AND c.published = 1 AND c.access <= 0 AND c.trash = 0 AND (i.id) IN (5,15,49,51,59,63,67,75,89,91,97,101,111,113,115,117,133,141,143,145,149,151,163,173,187,199,211,219,229,239,263,269,289,299,307,311,313,325,335,341,351,353,359,365,369,382,393,395,403,405,424,435,436,438,446,451,456,467,476,498,506,508,510,512,516,524,528,531,534,540,542,543,545,552,560,565) ORDER BY i.created DESC LIMIT 0, 4

Warning: Invalid argument supplied for foreach() in /var/www/apps/stdev/speedtest/public_html/components/com_k2/models/itemlist.php on line 609
No valid database connection Incorrect DATETIME value: '0000-00-00 00:00:00' SQL=SELECT * FROM jos_k2_items WHERE id != 567 AND catid=1 AND ordering > 377 AND published=1 AND ( publish_up = '0000-00-00 00:00:00' OR publish_up <= '2025-03-12 14:34:08' ) AND ( publish_down = '0000-00-00 00:00:00' OR publish_down >= '2025-03-12 14:34:08' ) AND access<=0 AND trash=0 ORDER BY ordering ASC LIMIT 0, 1
No valid database connection Incorrect DATETIME value: '0000-00-00 00:00:00' SQL=SELECT * FROM jos_k2_items WHERE id != 567 AND catid=1 AND ordering < 377 AND published=1 AND ( publish_up = '0000-00-00 00:00:00' OR publish_up <= '2025-03-12 14:34:08' ) AND ( publish_down = '0000-00-00 00:00:00' OR publish_down >= '2025-03-12 14:34:08' ) AND access<=0 AND trash=0 ORDER BY ordering DESC LIMIT 0, 1

Tuesday, 19 April 2011 09:40

The Skype Android app appears to have a big old hole in it that could allow a malicious actor (and we don’t mean Christopher Lee) to access personal data.

Android Police

discovered that the Skype Android app has SQLite3 databases which store your information and chat logs and that Skype has not encrypted those files or put structures in place to enforce permissions. Oops!

The bug essentially means a rogue app could slip in and grab your data. Android Police have created an app calle Skypwned which proves the problem is there.

While just asking for basic Android storage and phone permissions, Skypwned is able to grab your full name and phone number and list all your contacts even without your Skype username. Skype is investigating the issue. Let’s hope it plugs that hole sharpish.

Last modified Tuesday, 19 April 2011 10:38

Read 13081 times | Like it ? Add to Twitter

1 comment

Add comment Tuesday, 19 April 2011 10:55 Posted by Anun
kisat en hanum eli
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Add comment

Go to top

Providers

Rostelekom

Ucom

Beeline

ADC

Icon

Radionet

FastNet

Web

VivaCell-MTS

Arminco

Orange

Cornet

Realtime

Harknet

Partners