SCF Advanced Search



Members
Stats
  • Total Posts: 37111
  • Total Topics: 11925
  • Online Today: 992
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 16. April 2011., 19:46:41 »



According to a post at Android Police: http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/ , confirmed by Skype, the Android version of the popular VoIP app exposes extensive user data: http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html

The Android Police report says user IDs, phone numbers, chat logs, and other data is exposed by the vulnerability.

User data is stored unencrypted in sqlite3 databases, and Skype for Android uses improper permissions for these databases. The user ID is stored in a static location, so once it is read, it allows access to these internal databases.

A rogue application is able to access the Skype databases, getting everything from stored user details through to chat logs. Justin Case, who published the vulnerability, has also published a proof-of-concept exploit.

(ElReg)

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising