Security Bug in Skype iOS App Lets Hackers Steal User Information

Those who are using Skype iOS app version 3.0.1 or older must be very careful while opening messages from unknown people. It has been confirmed by security expert that the Skype iOS app for both iPhone and iPod Touch has a cross-site scripting (XSS) security bug in its Chat Section.

It seems that the problem arises because of the inappropriate encoding by Skype – the thing is Skype is unsuccessful in properly encoding the ‘full name’ of the sender of an incoming chat message that enables the sender to add malevolent JavaScript code. The sender can execute this code as soon as the user opens his/her chat message.

As soon as the code initiates, the hacker might have an access to your device and can download all the important information through Skype app such as address book.

The following video will help you understand how this vulnerability practically works

Skype is pretty much aware of this security bug and has some serious concerns over it. They are working hard to rectify this problem. Skype explains their concerns as:

We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.

You need to keep an eye on your chat messages particularly on those with suspicious senders. Only open the chat messages from trustable senders until Skype finds a fix for this bug.

Enjoyed this article? Submit your email to receive daily news and updates.

***You must click confirmation link sent in email. If you don't see the email, check spam folder.

Filed in: iPhone, iPod, News Tags: , , ,

Leave a Reply

Submit Comment

© 2021 Tech Readers. Reproduction without explicit permission is prohibited. All Rights Reserved. XHTML / CSS Valid.