Skype On iPhone Has A Big Hole Allowing Hackers To Steal Your Information

Here’s some important advice for you and your friends: remove Skype from your iPhone now! There’s a big hole / vulnerability which allows hackers to steal all of your address book content.

The hole works like this: hackers are able to enter JavaScript commands into Skype usernames, then a chat message is sent to the user and a program is loaded onto a web server to receive the address book content.

Security research from SuperEVR:

I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user's file system, and an attacker can access any file that the application itself would be able to access. File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception.
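
The two flaws described above (a peer-controlled name rendered as markup, and a chat view loaded under “file://”) have two matching fixes. The sketch below is an added example, not part of SuperEVR's write-up and not Skype's code; all function names are hypothetical, and the allow-list assumes an inert "about:" base as mentioned in the quote.

```javascript
// Added illustration with hypothetical names; not Skype's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The flawed pattern: a peer-controlled name is concatenated in as markup.
function renderMessageUnsafe(displayName, body) {
  return '<div class="msg"><b>' + displayName + '</b>: ' + body + '</div>';
}

// Hardened form: every peer-controlled field is encoded before insertion.
function renderMessageSafe(displayName, body) {
  return '<div class="msg"><b>' + escapeHtml(displayName) + '</b>: ' +
    escapeHtml(body) + '</div>';
}

// Only an inert origin is accepted for the chat view; file: is rejected
// because it places the rendered page in the local file origin.
const ALLOWED_BASE_SCHEMES = new Set(['about:']);

function isSafeBaseUrl(baseUrl) {
  try {
    return ALLOWED_BASE_SCHEMES.has(new URL(baseUrl).protocol);
  } catch (err) {
    return false; // unparseable base URL: refuse it
  }
}

// Returns what the app would hand to its embedded browser, or throws.
function buildChatView(displayName, body, baseUrl) {
  if (!isSafeBaseUrl(baseUrl)) {
    throw new Error('refusing base URL for chat view: ' + baseUrl);
  }
  return { html: renderMessageSafe(displayName, body), baseUrl: baseUrl };
}

// Constructed sample input: a display name carrying markup.
const SAMPLE_NAME = 'Eve<script>/* constructed */</script>';
```

Either fix alone narrows the issue; together, the name is displayed as text and the page has no file origin to read from.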

TechCrunch says that Skype is aware of the problem:

Skype says it is aware of the security issue, and had issued the following statement:

“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
The non-patronizing first sentence would have been sufficient, Skype.

A small video showing the hole in action:

So.. take care!
