XDA User pulser_g2 recently revealed a Skype exploit that bypasses the Android lock screen of some Android devices. The exploit, which involves placing a Skype call to the target phone, cancelling the call and hitting the power button, is relatively easy to execute, and persists until the target device is rebooted. Once the target device has been unlocked, a malicious user can do any number of things to the device, up to and including data theft, incurring unwanted charges and posting silly Facebook status updates.
It isn’t yet clear if the pertinent parties are aware of the security hole, or if they are doing anything about it, but while a patch remains unavailable , Skype mobile users can protect themselves by logging out of the call and messenger client when it is not in use.
The vulnerability was found to be present with Skype version 3.2.0.6673, and tested on the Sony Xperia Z, Samsung Galaxy Note 2, and Huawei Premia 4G, though with all the different ‘Droids out there, it might be a good idea to just log out anyway.
Thanks go to TJD over at http://www.gmanetwork.com for breaking the news!