Viber Android app security hole could give hackers control of your phone

Viber Android app security hole could give hackers control of your phone

The free calling and messaging app Viber could be letting hackers gain control of your Android phone by bypassing the lock screen.

Discovered by a Vietnamese security firm, the possible security breach allows attackers to scoot round the phone’s lock screen before gaining access to the phone’s controls and everything else stored within.

Much like Skype, Viber allows you to make calls and send messages using your data connection instead of munching through calls and minutes included in your contract.

Vibraphone

The attack is carried out through messages sent and calls made to the victim through Viber; it uses the fact the that the app lets you reply to a message through a pop-up without having to unlock the handset.

“The way Viber handles to pop-up its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” said Nguyen Minh Duc, director of Bkav’s security division.

Viber is aware of the loophole, and is “currently working on fixing this issue”; in the meantime it advises users to uncheck ‘unlock for popups’ in their settings menu to safeguard against attacks.

Via:  BBC

Advertisements

Tagged: , , , , , ,

One thought on “Viber Android app security hole could give hackers control of your phone

  1. teamviber April 28, 2013 at 8:34 pm Reply

    Hi,
    I am an official representative from Viber Media.

    We care a lot about our users’ security. We worked around the clock to fix this security glitch and already a few days ago we released a fixed version for this problem. It is available for download at: http://download.viber.com/viber.apk

    We kindly ask that you update your article and let your users know of this important news. We will of course make sure that such glitches do not reoccur.

    For any other questions/concerns, please don’t hesitate to contact us.

    the Viber Team.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: