Tuesday, December 23, 2014

Skype for Android App - Eavesdropping - Feature or Flaw

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by a Reddit user Ponkers (via Android Police), the security bug in Android app can "can force the Android version of Skype to answer, allowing you to eavesdrop."

The old fashioned way.
As Ponkers explains, first it requires two devices signed into Skype account Android phone (device 1) and desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on desktop (device 2), and an automatic connection without the owner of the device necessarily knowing. (more)