How an Attacker can Take Complete Control of Your Skype

Read notifications of incoming messages (and their contents)

Intercept, read and modify messages

Log and record Skype call audio

Create chat sessions

Retrieve user contact information

Update Your Skype Installation Now!

"We do not build backdoors into our products, but we do continuously improve the product experience [and] product security and encourage customers to always upgrade to the latest version."

Those innocent-looking apps in your smartphone can secretly spy on your communications or could allow hackers to do so.Hard to believe, but it's true.Recently, Trustwave's SpiderLabs analysts discovered a hidden backdoor in Skype for Apple's macOS and Mac OS X operating systems that could be used to spy on users' communications without their knowledge.The backdoor actually resides in the desktop Application Programming Interface (API) that allows third-party plugins and apps to communicate with Microsoft-owned Skype — the popular video chat and messaging service.Appeared to have been around since at least 2010, the backdoor could allow any malicious third-party app to bypass authentication procedure and provide nearly complete access to Skype on Mac OS X.The malicious app could bypass authentication process if they "identified themselves as the program responsible for interfacing with the Desktop API on behalf of the Skype Dashboard widget program."Accessing this backdoor is incredibly easy. All hackers need to do is change a text string in apps to this value → "," and the desktop API would provide access to sensitive features of Skype.An attacker or any malicious program abusing this hidden backdoor could perform the following actions:The researchers have also provided proof-of-concept Objective-C code that initiates the connection process without asking the user for permission for the process to attach to Skype:The backdoor believes to have been created by a developer at Skype before Microsoft acquired the company and likely exposed more than 30 Million Mac OS X users.Trustwave notified Microsoft of the vulnerability in October, and the company has patched the issue in Skype 7.37 and later versions.Here's what a Microsoft spokesperson said about the backdoor:Trustwave also speculated that the backdoor believed to have been accidently left in Skype "during the process of implementing the dashboard plugin," as the Skype dashboard widget does not appear to utilize it.All versions of Skype for macOS and Mac OS X, including 7.35 version, are vulnerable. So users are strongly recommended to update their Skype installation as soon as possible.