With over 50 million downloads on Android to date, Viber is one of the most popular VoIP and instant messaging clients available for Google's mobile platform. That's why this recently discovered security vulnerability is nothing to be overlooked. It turns out that by exploiting the way Viber handles pop-up notifications, an attacker can bypass the lock screen of an Android device
, assuming they have the victim's number. No special hacking skills are required – just another handset to send a couple of messages from.
Android smartphones by Samsung, Sony, HTC, and other manufacturers are vulnerable to the Viber exploit, as demonstrated by Bkav Internet Security
. That comes as no surprise, actually, since the flaw is within the app itself and not the operating system. In fact, disabling the screen lock is one of the Viber client's permissions, which every user grants prior to installing the software. That, and perhaps some cracks within the app's code, are the reason behind the security flaw, which you can see being demonstrated in the video below.
Viber's developers are aware of the issue and are working on a fix as we speak. The flaw should be addressed within a week with a software update. (UPDATE:
The issue has now been resolved.)