Security hole in Viber for Android discovered, fix incoming

Security hole in Viber for Android discovered, fix incoming
With over 50 million downloads on Android to date, Viber is one of the most popular VoIP and instant messaging clients available for Google's mobile platform. That's why this recently discovered security vulnerability is nothing to be overlooked. It turns out that by exploiting the way Viber handles pop-up notifications, an attacker can bypass the lock screen of an Android device, assuming they have the victim's number. No special hacking skills are required – just another handset to send a couple of messages from. 

Android smartphones by Samsung, Sony, HTC, and other manufacturers are vulnerable to the Viber exploit, as demonstrated by Bkav Internet Security. That comes as no surprise, actually, since the flaw is within the app itself and not the operating system. In fact, disabling the screen lock is one of the Viber client's permissions, which every user grants prior to installing the software. That, and perhaps some cracks within the app's code, are the reason behind the security flaw, which you can see being demonstrated in the video below.

Viber's developers are aware of the issue and are working on a fix as we speak. The flaw should be addressed within a week with a software update. (UPDATE: The issue has now been resolved.)


FEATURED VIDEO

7 Comments

1. buccob

Posts: 2978; Member since: Jun 19, 2012

Well I saw this coming, and always have had the pop-up chat windows option disabled... And since Viber is such RAM hungry I actually have it stopped all the time, except for when I need to call somebody and turn it on... No big deal, just deactivate the pop-up windows

2. protozeloz

Posts: 5396; Member since: Sep 16, 2010

Same here, I find no use in that pop up notification....

7. Viber

Posts: 30; Member since: Jul 21, 2011

@buccob - The battery consumption issue will hopefully be resolved in our next upcoming major update. Stay tuned for news :)

3. Viber

Posts: 30; Member since: Jul 21, 2011

Hi, This is a member of the Viber Team. We are researching this issue at the moment and we will release an update very soon. We care a lot about our users' security, and so we see this as a first priority task. Meanwhile, until we release the fixed version and as a temporary workaround, it is possible to disable the auto-unlocking of the screen through Viber's settings. This will eliminate the security glitch completely. Stay tuned for the upcoming update :) Viber Team

4. buccob

Posts: 2978; Member since: Jun 19, 2012

Wow, this is a nice thing to see from a developer... Thanks! now that you are at it... would you also give it a more Androidish feel, instead of the iOSish user interface?

6. Viber

Posts: 30; Member since: Jul 21, 2011

It's our pleasure. :) We're looking into it, there are many surprises to come. ;)

5. Viber

Posts: 30; Member since: Jul 21, 2011

Hi again guys, The Android lock screen issue has been resolved and we have a new version available for download. You may find the apk file on our FB page. :)

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.