Looks like Skype for the Android platform has a serious flaw – or vulnerability – waiting to be exploited. Apparently, this flaw can potentially allow anyone on any platform using Skype to tap into the Android user’s phone’s camera and mic. For more on this, read on after the jump.
There are a vast majority of Android smartphone users out there in the world today, and a lot of them count on Skype for video or just audio calling using their phones. Essentially, all these users are vulnerable to a rather serious flaw.
Here’s how it goes down. If you’re getting a call on Skype on your Android device and the line is dropped before connecting for reasons other than being rejected by the receiver or cancelled by the caller, Skype at the receiver’s end – that is the Android phone – will automatically dial back to the caller, activating the camera, and the mic. Bet Sam Fisher from Splinter Cell would have really found this cool.
Here’s a step-by-step run down to re-create this flaw and check it out yourself. It is important to note that even though the issue has been reported in from Android users only, not all have experienced this.
Step 1: Have two devices sign into different Skype IDs. One of the devices should be an Android.
Step 2: With Android being the target, make a call to the device with your desktop, another Android phone, iPhone, or iPad.
Step 3: Just when the target phone (Android) rings, disconnect the calling device from the Internet. In case you’re using a phone or tablet, make sure to enter into airplane mode, in case you have data enabled.
Step 4: You should now get a call back at any time from the Android phone, and once it does, accept it and well, don’t get any ideas.
You would think Skype is trying to connect a dropped call, but that would make sense had the call actually been connected. This flaw gives any random user to call any other random user and spy into their surroundings. I believe the mic activation is more of a serious concern than a camera with more of a chance of the phone or tablet of being in a pocket or a bag.
Apparently Microsoft is aware of this, and is busy patching this up as we speak. Well, Merry Christmas everyone!