Skype for Android Bug Can Allow for Eavesdropping

Skype for Android Bug Can Allow for Eavesdropping

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by a Reddit user Ponkers (via Android Police), the security bug in Android app can "can force the Android version of Skype to answer, allowing you to eavesdrop."

As Ponkers explains, first it requires two devices signed into Skype account Android phone (device 1) and desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on desktop (device 2), and an automatic connection without the owner of the device necessarily knowing.

NDTV Gadgets was able to replicate the issue, though Android Police does point to some users not experiencing this automatic call back and connect behaviour. The Skype app on the desktop must be logged in, and of course connected to a webcam or microphone for any actual eavesdropping to take place.

It's not known that the Skype team is aware of the issue as yet, but considering that this bug is reportedly working for various users, it needs urgent attention by Microsoft.

Last month, the Redmond giant had updated Skype for Android to resolve the most complained bug that was affecting the app in the late delivery of chat notifications.

Alongside, the Skype update had brought some new features as well. These new features included fast chat window opening; Picture-in-picture for Android smartphones; ability to receive images from Skype for iPhone and other new clients; support for Hindi language, and improved text formatting.