Security hole in Viber for Android discovered, fix incoming

Security hole in Viber for Android discovered, fix incoming
With over 50 million downloads on Android to date, Viber is one of the most popular VoIP and instant messaging clients available for Google's mobile platform. That's why this recently discovered security vulnerability is nothing to be overlooked. It turns out that by exploiting the way Viber handles pop-up notifications, an attacker can bypass the lock screen of an Android device, assuming they have the victim's number. No special hacking skills are required – just another handset to send a couple of messages from. 

Android smartphones by Samsung, Sony, HTC, and other manufacturers are vulnerable to the Viber exploit, as demonstrated by Bkav Internet Security. That comes as no surprise, actually, since the flaw is within the app itself and not the operating system. In fact, disabling the screen lock is one of the Viber client's permissions, which every user grants prior to installing the software. That, and perhaps some cracks within the app's code, are the reason behind the security flaw, which you can see being demonstrated in the video below.

Viber's developers are aware of the issue and are working on a fix as we speak. The flaw should be addressed within a week with a software update. (UPDATE: The issue has now been resolved.)


FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless