Today I came across a post by Tom Keating at TMCnet advising of a security vulnerability in Skype for iPhone 3.0.1 and possibly Skype for iPad if it is a full iOS issue. Dan York has subsequently written about it, including a statement from Skype:
We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime, we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense Internet security as always. [Author’s bold]
Both posts include a video demonstrating the vulnerability posted by the initial reporter of the vulnerability at the SUPEREVR Security Blog .
Bottom line is “know your contacts”. As Dan states:
Skype’s mitigation recommendation is a good one as the default privacy setting is typically that you can only receive chat messages from people on your Contact list. Therefore, the attacker would have to be someone who you have authorized and added to your contact list.
Hopefully we will see a new release of Skype for iPhone any day now and, if also affected, Skype for iPad. In the meantime “practice safe Skype” by knowing your contacts.