All the latest UK technology news, reviews and analysis
|
|
|
15 Apr 2011
VoIP service provider Skype is being accused of leaving users of its Android application vulnerable to attack.
Mobile news blog Android Police is reporting that the Android version of the Skype application is failing properly to lock down databases containing information on calls.
The blog said that data such as contact lists, profile information and instant message logs are being left unencrypted in folders on the handset. The directories could be viewed by users, as well as other applications.
Android Police suggests that, were a malicious application able to infect the device, personal details could be pulled from the Skype data archive and uploaded to an attacking system.
Skype acknowledged the issue in a posting to its official security blog.
"It has been brought to our attention that, were you to install a malicious third-party application onto your Android device, it could access the locally stored Skype for Android files," the company said.
"To protect your personal information, we advise you to take care in selecting which applications to download and install."
According to security experts, the risk from this issue could be very real. Daniel Hoffman, chief mobile security evangelist at Juniper Networks, told V3.co.uk that an attacker gaining access to Skype logs could obtain commonly sent data, such as credentials for financial accounts.
"When you have that account information and you have the name and address, you have everything you need for identity theft and fraud," he said.
The Skype issue may also be indicative of a much larger issue with Android applications. Improperly secured data logs combined with incidents such as the recent Droid Dream malware outbreak could represent major security troubles.
"People are downloading applications that are not securely vetted. You don't know who the developer is and you have no way to analyse it," Hoffman explained.
"When you correlate these events, you see that the time for mobile security and the time for mobile malware really is now."
Latest stories from Mobile Software
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Java Deveoper/Programmer/Software Engineer, Algo Trading...
Austin Fraser has the pleasure of appointing a number...
Austin Fraser has the pleasure of appointing a Java Developer...
Austin Fraser has the pleasure of appointing a Senior...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?