The Skype app for video calls, when installed and used on Android smartphones, may allow their lock screens to be bypassed. XDA-Developers Forum developer administrator “Pulser” reported that the flaw is present in Skype version 18.104.22.16873, updated July 1, and that:
“The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the ‘attacker’ is able to call the ‘victim’ on Skype”
Pulser warned that the devices potentially affected by this bug include the Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G and others. They said that an attacker would make a Skype call to the affected smartphone, causing it to wake, ring, and show a pop-up on the screen to answer or reject the call. If the user of the unfortunate phone answers the call, the attacker can end the call. After that, when the phone displays the lockscreen, the screen can be turned off using the power key, and when the owner turns it on, the lockscreen is bypassed and remains so until the device is rebooted.
The issue is especially pressing for corporate data travelling through Skype, which needs this security flaw fixed. TechHive.com reported that Skype is used on more than 100 million Android devices worldwide. Lee Cocking, vice president of strategy for Fixmo, a mobile security company, stated that:
“I’m actually surprised that we keep finding lock-screen vulnerabilities that are exploited by third-party applications. To me this speaks of overall security architecture issues with the platform, or at least with how background processes such as VoIP (Voice over IP) applications interact with the platform”
He also added that the best measure is to
“segregate business apps and data from consumer apps with some form of virtualization or containers that isolate the corporate side of things.”