Skype on iPhone, iPod Touch Address Books Easy to Steal [VIDEO]
Skype has been informed by a researcher it is vulnerable to information thieves who can work around its reported weakness in security systems for iPhone and iPod Touch devices.
In a Fairfax Media report, security researcher Phil Purviance of AppSec Consulting says a hole in Skype's system for the said devices allows friends of users to send malicious code to a target and steal their entire address book.
Purviance found the hole on Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
Fairfax said the vulnerability was reported to Skype on Aug. 24, and Purviance made it public on Sept. 19 in a blog post and a video upload to YouTube.
In his blog post, Purviance said an attacker, a malicious technical person, would just send a malicious message to his target user. Once the user does so much as view this sent message, then this user's entire phonebook is open for quick stealing by the attacker.
On his Twitter account, Purviance said he was told by Skype that an update to patch the hole would be released early September.
In a statement to Fairfax, Skype recognized and expressed awareness of the issue, adding it was "working hard" to fix it in its next planned release.
"In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always."
Below is the video that Purviance uploaded on YouTube to warn Skype users of the hole he reported.