The latest update to Skype has enabled a bug that allows users to bypass lock screens on Android devices. Currently, that amounts to 100 million devices that could be compromised.
An XDA-Developers Forum by the name of “Pulser” said he tested the attack on the latest version of Skype (which was released Monday, the 1st of July). Pulser tested the glitch on popular Android phones like the Galaxy Note 2 and the Sony Xperia Z.
Pulser indicated that it was relatively easy to bypass the screen lock on an Android phone if the phone was logged into Skype and the “attacker” was able to call the “victim” on Skype. He said that the glitch didn’t work if a regular phone call came through, however.
When the call comes through Skype to the target device, the phone will wake, ring, and display a prompt that allows the user to reject or answer the call. If the call is accepted, then the attacker (or incoming call) must end the call. This will return the phone to the lock screen, which the attacker must then turn off (tap the power button twice) and then turn back on again. Then, without a code, the home screen will be available for anyone who may be using the phone at the time. Until the device is rebooted, the security lock will not return.
So if you have an Android device, sensitive data on your phone, and Skype, it’s best to stay logged out of Skype until an official announcement has been made indicating the bug has been fixed.