
Skype Lockscreen Bypass Bug

OP pulser_g2

2nd July 2013, 06:06 PM   |  #1  
pulser_g2
OP Developer Admin / Senior Recognized Developer
Tested with Skype version 3.2.0.6673 (released 1st July 2013) on various
Android devices (Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G

The Skype for Android application appears to have a bug which permits the
Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed
relatively easily, if the device is logged into Skype, and the "attacker"
is able to call the "victim" on Skype.

This can be reproduced as follows with 2 Skype accounts, and 2 separate
devices to use with Skype. The target phone is presumed to have an Android
lockscreen configured and in use, and to be locked during the test.

1. Initiate a Skype call to the target device, which will cause it to
wake, ring, and display a prompt on the screen to answer or reject the call
2. Accept the call from the target device using the green answer button
on the screen
3. End the call from the initiating device (ie. the device used to call
the target phone)
4. The target device will end the call, and should display the
lockscreen.
5. Turn off the screen of the target device using the power key, and
turn it on again
6. The lockscreen will now be bypassed. It will remain bypassed until
the device is rebooted

Similar to (ironically enough):
http://arstechnica.com/security/2013...ndroid-phones/.
Seems that internet based calling apps might well be "unlucky".

I suggest logging out of Skype when not using it, until there is a fix.

Thanks to Turl for originally bringing this to my attention.
2nd July 2013, 09:09 PM   |  #2  
Senior Member
Greetings pulser_g2,

Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if an enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?

Cheers,
Michael
2nd July 2013, 09:43 PM   |  #3  
egzthunder1
Member Advocate Admin - Spirit of XDA
Quote:
Originally Posted by c0rnholio

Greetings pulser_g2,

Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if an enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?

Cheers,
Michael

Hi Michael,

Thanks for the tip. However, forcing enterprise policy onto a device that does not need it should not be a solution for a bug like this (not ranting against you, please don't take it that way). Skype was already informed about this a couple of weeks ago and nothing has been done afaik.

I received a Skype update today from the market, so I guess it might be worth checking if the bug can be repeated or if it has been fixed.
2nd July 2013, 10:10 PM   |  #4  
Senior Member
Hi egzthunder1,

I don't take your post personally. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here.
5th July 2013, 10:16 AM   |  #5  
Member
Does anybody know which wrong usage of the Android-API might be used here? I'm developing an app myself which switches the screen on and shows information without the need to unlock the device. Now I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Sadly I didn't find anything about it via googling. If you have links, please share.
5th July 2013, 02:46 PM   |  #6  
pulser_g2
OP Developer Admin / Senior Recognized Developer
Quote:
Originally Posted by SamsungPisser

Does anybody know which wrong usage of the Android-API might be used here? I'm developing an app myself which switches the screen on and shows information without the need to unlock the device. Now I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Sadly I didn't find anything about it via googling. If you have links, please share.

It seems to be related to the use of the permission to disable the lockscreen.

I.e. http://stackoverflow.com/questions/1...ogrammatically

You want to ensure you definitely disable the option once done. I suggest you create a test plan and ensure even if everything goes wrong, the lock will still get enabled again in the end.
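
One way to follow the advice in post #6, as an added example that is not from the thread and is not Skype's code. It assumes "the permission to disable the lockscreen" means android.permission.DISABLE_KEYGUARD used with the legacy KeyguardManager.KeyguardLock API; the class name IncomingCallActivity and the onCallEnded() hook are hypothetical.

```java
import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Context;
import android.os.Bundle;
import android.view.WindowManager;
// Added example; the class name and the onCallEnded() hook are hypothetical.
public class IncomingCallActivity extends Activity {
    private KeyguardManager.KeyguardLock keyguardLock;
    private boolean keyguardDisabled;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Option A (preferred): show over the keyguard; the lock is never disabled.
        getWindow().addFlags(WindowManager.LayoutParams.FLAG_SHOW_WHEN_LOCKED
                | WindowManager.LayoutParams.FLAG_TURN_SCREEN_ON);
    }

    // Option B (legacy KeyguardLock, needs android.permission.DISABLE_KEYGUARD).
    void disableKeyguardForCall() {
        if (keyguardDisabled) return; // never stack a second disable
        KeyguardManager km = (KeyguardManager) getSystemService(Context.KEYGUARD_SERVICE);
        keyguardLock = km.newKeyguardLock("incoming-call");
        keyguardLock.disableKeyguard();
        keyguardDisabled = true;
    }

    // Idempotent, so every exit path can call it safely.
    private void restoreKeyguard() {
        if (keyguardDisabled && keyguardLock != null) {
            keyguardLock.reenableKeyguard();
            keyguardDisabled = false;
        }
    }

    // Reached for local hang-up, remote hang-up and call failure alike.
    void onCallEnded() {
        try {
            // release audio and call resources here; this part may throw
        } finally {
            restoreKeyguard(); // runs even if teardown fails
        }
    }

    @Override
    protected void onDestroy() {
        restoreKeyguard(); // last line of defence if onCallEnded() was never reached
        super.onDestroy();
    }
}
```

A test plan for Option B should drive every way a call can end (answered then remote hang-up, rejected, network drop, process kill) and check that the lockscreen is required afterwards. The Android documentation for disableKeyguard() also notes that the call has no effect while a DevicePolicyManager policy requiring a password is active.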
5th July 2013, 02:48 PM   |  #7  
pulser_g2
OP Developer Admin / Senior Recognized Developer
Quote:
Originally Posted by c0rnholio

Hi egzthunder1,

I don't take your post personally. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here.

Hmmm that is interesting actually.

I need to see if I can replicate this by forcing provisioning manually.

I don't have an exchange server unfortunately (I use my own mail server that uses the protocol but doesn't do the complex provisioning.)

I'll have a look though as I think it supports provisioning in the configuration where it emulates Exchange. I believe this likely is a workaround for enterprise users.

This would be enough motivation actually to look at setting up proper provisioning of my devices.

Thanks for letting me know
