The free calling and messaging app Viber could be letting hackers gain control of your Android phone by bypassing the lock screen.
Discovered by a Vietnamese security firm, the possible security breach allows attackers to scoot round the phone’s lock screen before gaining access to the phone’s controls and everything else stored within.
Much like Skype, Viber allows you to make calls and send messages using your data connection instead of munching through calls and minutes included in your contract.
The attack is carried out through messages sent and calls made to the victim through Viber; it uses the fact the that the app lets you reply to a message through a pop-up without having to unlock the handset.
“The way Viber handles to pop-up its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” said Nguyen Minh Duc, director of Bkav’s security division.
Viber is aware of the loophole, and is “currently working on fixing this issue”; in the meantime it advises users to uncheck ‘unlock for popups’ in their settings menu to safeguard against attacks.