Recently Pulser, a contributor on XDA-Developers forum, discovered a bug in Skype that allows an attacker to bypass the lock screen on your Android device.
The way it works is the attacker would need to access to your device either in hand or with an accomplice and involves making a call to target phone while in sleep mode, ending call on initiating device, then pressing the power button on twice on the target device.
Unfortunately reproducing isn’t as easy as that but I was finally able to reproduce following the steps outlined by Pulser. The bug was found in Skype v. 3.2.0.6673, on the same day of the news of this bug Skype released v. 4.0 of their Android offering. I was unable to reproduce the lock screen bypass in v 4.0 so it’s possible Skype has fixed the bug, however don’t take my word on it as I was just unable to reproduce. According to Pulser Skype has been notified and hopefully they have it resolved or will in the near future.
