Posts Tagged ‘skype’


Security researcher Phil discovered a Cross-Site Scripting vulnerability in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.
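The missing encoding step, shown as an added example (not code from Skype or from the researcher's write-up): the function names, the row markup and the sample names are assumptions made for illustration. It places the unencoded rendering next to an encoded one and adds a regression check a developer could run on rendered rows.

```javascript
// Added example. Function names and row markup are hypothetical,
// not taken from Skype's chat template.

// Vulnerable pattern: the sender's Full Name is concatenated into HTML as-is.
function renderRowUnsafe(fullName, body) {
  return '<div class="msg"><span class="from">' + fullName +
         '</span><span class="body">' + body + '</span></div>';
}

// Encode the five characters that can change the HTML parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: every remote-controlled field is encoded before insertion.
function renderRowSafe(fullName, body) {
  return '<div class="msg"><span class="from">' + escapeHtml(fullName) +
         '</span><span class="body">' + escapeHtml(body) + '</span></div>';
}

// Regression check: the template itself contributes exactly six '<'
// characters (three opening tags, three closing tags). Any extra one means
// a field reached the page as markup instead of text.
const TEMPLATE_TAG_COUNT = 6;
function templateIntact(html) {
  return (html.match(/</g) || []).length === TEMPLATE_TAG_COUNT;
}

// Constructed sample display names, including the alert() style of test
// string the post describes.
const SAMPLE_NAMES = [
  'Alice Example',
  'Bob "O\'Neil" & Co',
  'Eve<script>alert(1)</script>'
];

// Render each sample both ways and report whether the template survived.
function checkSamples() {
  return SAMPLE_NAMES.map((name) => ({
    name,
    unsafeIntact: templateIntact(renderRowUnsafe(name, 'hello')),
    safeIntact: templateIntact(renderRowSafe(name, 'hello'))
  }));
}
```

Encoding at the point of insertion is what keeps a display name as text; the check only confirms it in tests and is not a substitute for it.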

XSS in Skype

To demonstrate the vulnerability, he captured a photo of a simple JavaScript alert() running within Skype.

Executing arbitrary JavaScript code is one thing, but he found that Skype also improperly defines the URI scheme used by its built-in WebKit browser. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user's file system: any file that the application itself is able to access.

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception.

He also created a proof-of-concept injection and attack showing that a user's AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

To further demonstrate the issue, he recorded a video of this scenario.

Please see the video & use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

Update
In case anyone is wondering, Phil disclosed the vulnerability to Skype on 8/24 and was told an update would be released early this August, but there is no update yet.


Not only did Apple lock Skype out of 3G calling with its latest beta update, Skype is now also calling out some jailbreakers who try to run the new Skype 1.0.2 on their jailbroken devices. iClarified got the scoop from a user in Switzerland who tried to run Skype 1.0.2 on a jailbroken iPhone. They got the message you see below:

Why would Skype try to prevent users on jailbroken iPhones from accessing their software? It is simple. If you jailbreak your phone, you can use Skype over 3G. AT&T is really serious about killing VoIP on its network.

It appears that not all jailbroken iPhones see the message; however, those that use the jailbreak to allow Skype to work over 3G are certainly targets.