Florian Kunushevci, a web security researcher and a lover of white hat hacking. He found a vulnerability in Skype android app, and reported the same to Microsoft (Owner of Skype). Kunushevci reported the bug in October,2018, but didn’t receive any acknowledgement regarding the same. Microsoft will publish about it in mid-January,2019.
ABOUT THE VULNERABILITY
This vulnerability allowed the person to access gallery, contacts and browser, that usually required a PIN or fingerprint impression in order to access it.
Additionally, Kunushevci posted a video of how it could be done. Microsoft took nearly 2-3 months to patch the bug. They updated the app and the bug was removed. As a matter of fact, this simple yet highly dangerous bug affected thousands of android devices around the world.
SO HOW HE DID IT ?
Apart from 2-3 months, there is no information regarding how long this bug had been into use by attackers in general. Though, anyone without physical access cannot simply take undue advantage of the vulnerability, but with the physical access, anyone with basic knowledge of smartphones and android OS, can conduct it.
Here is the link to YouTube video :
Though smartphone companies are striving hard to make user experience better each day. But these type of bugs from software companies are a hurdle to a smooth user experience. These bugs and vulnerabilities affect the user experience and in addition to that, hinder in keeping private information safe and secure. In conclusion, the best way to avoid being a victim of such vulnerability is to keep all the apps/softwares updated in your device. Software companies strive hard to provide best experience plus security too. Users must also do their part of job in order to maintain a safe distance from such vulnerabilities.