Wednesday 3 June 2015

A simple string can send Skype into an endless crash loop

Just a few days ago, information surfaced about a strange string that can crash the iOS Messages app. The bug became pretty viral, caused a lot of controversy and apparently sparked an interest in such exploits. So much so, that a similar hack has now been found for Skype.
The Microsoft-owned messenger also appears to be susceptible to malicious messages and it turns out that it requires a lot less effort than the complicated spell-like message that plagued Apple’s messenger. If you send any message containing the string “http://:” to a Skype contact their client will most-likely crash and keep on crashing after a restart.


This loop of death, reportedly, occurs on the Windows Desktop client for Skype, as well as the mobile versions for Android and iOS, although there have been some reports that certain version of Android are still safe. The bug doesn’t seem to affect Mac users or the special touch-optimized, Skype app for Windows 8 and 8.1.
The string itself looks alarmingly simple and, frankly, it is rather odd that somebody hasn’t stumbled upon it sooner. Presumably, the misspelled protocol reference messes with the link-handling functions in Skype and causes it to crash. What makes the bug particularly dreadful is that it persists after restarting the app and even after reinstalling it or deleting its history, as Skype instantly downloads it again. The only workaround for the time being seems to be to ask the sender to delete the message, so, it is no longer in history and then reinstalling Skype.
The bug has already been acknowledged by Skype and a quick resolution is promised to users. Let’s just hope Microsoft will act quicker than Apple to avert the crisis.

No comments:

Post a Comment