Skype patches Android client weakness; adds 3G calling

By on April 20, 2011 at 7:28 AM.

Skype patches Android client weakness; adds 3G calling

Last week, we told you about a weakness discovered in Skype’s Android client. The issue stemmed from a combination of incorrect file permissions and lack of encryption usage on the database files used to store contact information, chat history, and more. The company has gone ahead and updated said client, and as an added bonus has included the ability to make VoIP calls via your phone’s 3G data connection. “Calling over your 3G connection is available worldwide – now including the US,” reads the post. We can’t see any reason not to mosey on over to the Android Market and update to the latest version of Skype. The scannable QR code is after the jump. More →

7 Comments

Skype acknowledges Android vulnerability, user data at risk [video]

By on April 15, 2011 at 7:12 PM.

Skype acknowledges Android vulnerability, user data at risk [video]

The detectives over at Android Police have found an interesting weakness in Skype for Android. The site has discovered that the popular VoIP chat client stores contact details, conversation logs, and a host of other information in a series of unprotected squlite3 databases. “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them,” reads the article. “Not only are they accessible, but completely unencrypted.” The vulnerability was initially found in the recently-leaked Skype build for Verizon’s HTC ThunderBolt, but upon further review the current build of the software was also found to have the issue. The article’s author has even provided a proof-of-concept application that can leverage the databases’ weakness. Skype has published an official response saying that the company takes privacy very seriously and is “working quickly to protect users from this vulnerability.” Hit the jump to see a video of the proof-of-concept in action. More →

26 Comments