• Any contact information the user has entered into Skype
• Call audio
• Chat sessions
• Incoming messages
All it takes is for the hacker to change the contents of a single line of code in the “Skype Dashbd Wdgt Plugin,” and they can gain control.
The researchers also released proof-of-concept code that demonstrates how the hackers can gain full control without asking for the user’s permission, which would normally be required for any process to attach itself to Skype.
In terms of scope and scale, statistics indicate that there are more than 30 million Mac OS X users who may be vulnerable, which makes this a fairly pervasive problem.
The backdoor appears to be an unused remnant of code that dates back to 2010, and Microsoft has already released a patch.
If you’re a Mac user running any version of Skype older than 7.37, you are at risk and should update immediately.
When the patch was released, Microsoft issued an official statement saying they don’t build backdoors in their products, so this could be an artifact that predates the company’s acquisition of Skype, meaning that users have been at risk for a very long time.
From a business perspective, this serves to underscore the importance of having a robust update policy that extends to employee-owned devices if your firm has a BYOD (Bring Your Own Device) policy in place.
Even if your company doesn’t use Skype for regular communication, it can still pose a security risk if one of your employees has an outdated version.