Skype for iOS has major security hole, may put your address book at risk
A new security hole found in Skype for iOS could allow a hacker to access your entire address book, according to security firm SuperEVR.
A new security hole found in Skype for iOS could allow a hacker to access your entire address book, according to a blog post from security firm SuperEVR.
"I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access."
That's the scary part. Anything Skype can do with your iPhone, a hacker with the right chops could also do. Don't worry, though, it's not all bad. Apple's app sandbox design in iOS will prevent the most sensitive information from being accessed, but as the poster noted, Skype, like every iOS app, has access to the user's address book. In the proof-of-concept video below, he shows how the address book data can be stolen by exploiting this vulnerability.
TechCrunch has noted that Skype is aware of the issue and working furiously to release an update that closes the hole.
Should the burden of user security be placed more on Apple's iOS or the app developers? Let me know your thoughts in the comments!