Use Skype on the iPhone? Your info could be stolen
Are you using the Skype for iOS app on your iPhone or iPod Touch? Then you need to be aware of how easily your information — particularly your entire address book — could be stolen without your knowledge. All it takes is a single chat message.
According to TechCrunch, the issue was first discovered by AppSec Consulting security researcher Phil Purviance — who claims that he pointed out the vulnerability to Skype about a month ago. You can see a rather technical demonstration of how information is stolen in the video below, but here's the simplified version:
- An evildoer places malicious code into the "Full Name" field in his or her Skype profile
- That individual sends a chat message to his or her victim — someone who is using Skype on his or her iPhone or iPod Touch
- As soon as the victim views the message, the malicious code begins to run on his or her mobile device
- Information — such as the victim's address book — is uploaded to the evildoer's computer
- The evildoer is able to sift through the stolen information at his or her leisure