Sunday, July 7, 2013

Bug in Skype for Android opens the way to device intrusion - Techworld

Flaw lets an attacker bypass the device's password lock screen when connecting to the device via Skype

A bug in the Android version of the Skype communication application allows an attacker to bypass the lock screen on multiple mobile devices that run Google's operating system. The flaw was reported by "Pulser," a developer administrator of the XDA-Developers forum, in Skype version 3.2.0.6673, which was released last week.

According to Microsoft, Skype is now installed on over 100 million Android devices. For an attacker to take advantage of the flaw, the victim's smartphone or tablet must be connected to Skype. In that case, the attacker can place a call to the device, which will display the green answer button on the screen.

When the user taps the button to answer, the attacker hangs up. From then on, even if the device is turned off or on with the power button, the attacker has control over the device, bypassing the lock screen. To eliminate the problem, the device must be rebooted.

The flaw was successfully demonstrated by Pulser on a Sony Xperia Z, a Samsung Galaxy Note 2 and a Huawei Premia 4G. Microsoft has not commented on the matter.

This type of bug, which allows an attacker to get past the device's password screen, is not uncommon. A similar vulnerability was found in Skype rival Viber in April, according to a report from Ars Technica. That flaw affected smartphones from Samsung, Sony and HTC. In March, the configuration of the emergency call function on Samsung's Android phones also opened the way to easily bypassing the device's password lock.

"I'm surprised you still continue to find this kind of vulnerability that can be exploited by third-party apps," says Lee Cocking, vice president of mobile security strategy at Fixmo. "That to me exposes flaws in the overall security architecture of the platform, or at least deficiencies in the way the platform handles internal processes used by VoIP (Voice over IP) applications to deal with Android."

Jack E. Gold, an analyst at J. Gold Associates, said the recurring lock screen problems demonstrate the need to implement new layers of security on devices that carry data. This is critical when employees use their own devices at work. "The best alternative is to segregate the business apps and consumer data in some form of virtualization or containers that isolate the corporate side of things," he said.
