Tuesday, September 20, 2011

Skype On iOS Has A Big Open Door, Opens Your Address Book To The Net!

Skype On iOS Has A Big Open Door http://snapvoip.blogspot.com/
Security firm Superevr has revealed that Skype for iOS, like Skype for iPhone, has a big hole that lets unscrupulous people access one's data, such as the address book. The cross-site scripting vulnerability exists in the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
The culprit behind the open door seems to be that Skype does not encode the user name in incoming messages, combined with the URI scheme being set to "file://" instead of "about:blank" or similar. With Apple's protective measures in place, it is harder to tap into other files on the system, but common files that are open to applications, like the address book, are vulnerable.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception. I created a proof of concept injection and attack that shows that a user's AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.
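The two causes named above, the unencoded sender name and the "file://" base URL, can be shown side by side with their fixes. This is an added example, not Skype's or Superevr's code; every function name, the chat markup and the sample input are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not Skype's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": sender name and message go into the markup unencoded,
// so markup in a display name becomes part of the chat page.
function renderChatUnsafe(senderName, message) {
  return `<div class="msg"><span class="from">${senderName}</span>: ${message}</div>`;
}

// "After": every remote-controlled field is encoded at output time.
function renderChatSafe(senderName, message) {
  return `<div class="msg"><span class="from">${escapeHtml(senderName)}</span>: ${escapeHtml(message)}</div>`;
}

// The base URL gives the chat page its origin. The post names "file://" as the
// weak setting and "about:blank" as the alternative; accept only the latter.
function isSafeBaseUrl(baseUrl) {
  let scheme;
  try {
    scheme = new URL(baseUrl).protocol;
  } catch (err) {
    return false; // unparseable base URL: refuse it
  }
  return scheme === 'about:';
}

// Constructed sample input: a display name carrying markup.
const sampleName = 'Alice<script>/* constructed sample */</script>';

function demo() {
  return {
    unsafe: renderChatUnsafe(sampleName, 'hi'),
    safe: renderChatSafe(sampleName, 'hi'),
    fileBaseOk: isSafeBaseUrl('file:///constructed/chat.html'), // constructed path
    blankBaseOk: isSafeBaseUrl('about:blank'),
  };
}

console.log(demo());
```

Encoding at output time keeps the name displayable as typed while the parser treats it as text; the base URL check limits what any script that does get through can reach.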

