Feeds

back to article Skype for iPhone makes stealing address books a snap

If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message. In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat …

COMMENTS

This topic is closed for new posts.
Silver badge

Oh, splendid!

Cue mass outrage from assembled fanbois in 3..2..1..

GJC

2
3
Silver badge

Apple tries

but in the end it is microsoft's responsibility.

Wheeee! new opportunities for MS bashing... is it MS's secret plan to bring the iphone into disrepute?

Seriously guys... if you must re-use browser code for everything, how hard would it be to build no-script into your embedded browsers?

0
1

I agree yet I don't

IN Apple's world Apple is king. So when Apple rejects an app because they don't like its content then that is accepted. Now just because Skype is a respected app doesn't mean that Apple cannot remove the infected app from its store to protect its users from downloading an app which they know to be an issue. So although ultimately this is Microsoft's issue to fix Apple has done nothing to mitigate or bridge the gap.

1
1
Silver badge
Thumb Down

Excuse me while I re-read the first line of the article

You know, the one where it says "If you use Skype on an iPhone or iPod touch".

In other words, Apple-only products using Apple-only software and apps that are Apple-software compatible.

Now, please explain how anyone could possibly crowbar Microsoft into that argument, except for a troll.

Oh, right.

0
0

Reminds me of...

Bobby Tables.

7
0
Bronze badge

Regarding point two

So Apple should restrict address book data from apps? Even contact based apps like Skype?

Skype has to have an address book to work at all, restricting access in iOS isn't going to change that, all it's going to do is annoy iOS users who will be forced to upload their contacts to Skype from their computers instead while Skype says "sorry peeps, nasty old Apple won't let you do it the easy way".

I also don't see how anyone could expect an OS to distinguish between a messaging app uploading data to a remote host in the normal course of usage and uploading data to a remote host because it's been coerced to do so, this is Skype's fail pure and simple.

0
1

Regarding point two

"So Apple should restrict address book data from apps? Even contact based apps like Skype?"

No, it should inform users if an app will attempt to access their contacts when it's installed. Clearly this wouldn't have prevented this Skype bug, and it's entirely possible that it could happen on Android seeing as when you install it you give it access to your contacts.

I do however think that the Android security model is vastly superior as it gives me warning if somebody wants to snarf my contacts. If a game tells me it wants access to Fine Location (GPS), Contacts & Internet, then there's no way I'm installing it.

3
0

I believe that would be the *phone* contacts, not the Skype ones.

1
0

huh?

So Apple should inform you...that an app will use your address book that has as a feature the use a common shared address book? Ok..fine...99% of users will click "Ok" to that, JUST AS THEY DO WITH ANDROID and Skype.

As for your location example, Apple does indeed warn you that an application wants to access your location data and you can install the the app but deny access to location services at the time of installation or at any time in the future as you wish.

Since there is malware on Android that's meant to "snarf" your stuff I wouldn't install those on my Android phone either.

1
0

oh look, i can do it too. :/

0
0
Anonymous Coward

Surely..

If you blocked it from the address book it'd make the app pointless since I'd image (not sure as I don't use Skype) that you'd stored your skype addresses along with your usual contact info no?

Also how many Droid users when installing Skype if told it needed access to their address book would block it since it seems a pretty obvious function of a communications app.

Fail on the part of Skype rather than Apple for failing to block basic javascript injection IMHO.

0
0

hmm

this problem exclusive to iphone or are droids susceptible as well?

0
0

No idea!

Ask Microsoft!

1
1

idiots

Why on earth would a chat client need to interpret javascript?

3
0

XKCD covered this nicely

http://xkcd.com/327/

0
0

Falt_Steve beat you to it by three hours :-)

1
0

Skype in crappy software shocker

Uh... this would be the same company whose stupendously huge distributed network fell down last year and had to be helped back onto its' knees using thousands of temporary supernodes, after a pisspoor windows Skype application?

Blimey. Whoda thunk it.

0
0

This is Apple's problem

Apple of course will try to shift the blame to MS but it's not their problem! Apple has a walled garden approach and this is something their App Market testers should have tested for.

1
2
This topic is closed for new posts.