Anyone use skype on their iphone?
#1
Anyone use skype on their iphone?
if so, you might be interested in this:
· Skype For iPhone Makes Stealing Address Books A Snap: If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message. ... Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you'll have a fully-searchable copy of the victim's address book. ... The attack exploits two oversights that just go to show that even elaborately erected walled gardens such as Apple's can contain threats that menace its blissful inhabitants. The first is a failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages. ... The other lapse ... was the decision by iOS developers to make the file storing address-book contents accessible to every app installed, including Skype. [HSEC-1.1; Date: 20 September 2011; Source: http://www.theregister.co.uk/2011/09/20/skype_for_iphone_contact_theft/]
received today from an information security mailing list i subscribe to...
· Skype For iPhone Makes Stealing Address Books A Snap: If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message. ... Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you'll have a fully-searchable copy of the victim's address book. ... The attack exploits two oversights that just go to show that even elaborately erected walled gardens such as Apple's can contain threats that menace its blissful inhabitants. The first is a failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages. ... The other lapse ... was the decision by iOS developers to make the file storing address-book contents accessible to every app installed, including Skype. [HSEC-1.1; Date: 20 September 2011; Source: http://www.theregister.co.uk/2011/09/20/skype_for_iphone_contact_theft/]
received today from an information security mailing list i subscribe to...
#4
Im pretty certain the default setting is 'only accept messages from people in your address book', if it isnt, ypou may want to set it to that!
thanks for the heads up
thanks for the heads up
#5
No idea.. don't have an iphone myself.. just thought it might be relevant to one or two people on here!
#7
Not so much a security flaw in my opinion, more like poor OS/application design on apple's part.
I would say the skype part of the message is more of a flaw/vulnerability to be honest.
I would say the skype part of the message is more of a flaw/vulnerability to be honest.
Trending Topics
#10
Think I will stick to my BT phone then. I have never found it to be a problem to be unavailable at every second of the day. In fact I much prefer it.
Mobiles are just useful in an emergency of some kind. Easiest to leave it switched off!
Les
Mobiles are just useful in an emergency of some kind. Easiest to leave it switched off!
Les
Thread
Thread Starter
Forum
Replies
Last Post
JackClark
Computer & Technology Related
1
25 September 2015 06:50 PM