Internet security firm BKAV has warned about a security bug in the
so-called Viber application for Android phones that lets attackers
bypass screen locks and take control of a smartphone.
BKAV said
the flaw works in different ways depending on which Android phone. The
attack revolved around sending several messages to a victim via Viber.
The free Viber app works like Skype and lets Android phone users send messages and talk for free.
BKAV
discovered that sending pop-up messages and using some other parts of
the Viber app let them circumvent the lock screens that many people use
to secure their phones.
“The way Viber handles pop-up messages
on smartphones’ lock screen is unusual, resulting in its failure to
control programming logic, causing the flaw to appear,” said Nguyen Minh
Duc, head of BKAV security division.
He advised people not to let anyone else use their phone until the bug was fixed.
The app has been downloaded more than 50 million times from Google’s Play store, according to statistics from the search giant.
Viber said it is aware of the flaw and is preparing to release a fix that will close the loophole.
The discovery of the bug is the latest in a series of security flaws that have struck apps in Google’s Android store.
Many
cyber thieves are aiming their efforts at the phones in a bid to steal
saleable information or generate revenue by getting handsets to call or
send messages to premium rate numbers.
Viber is a propriety
cross-platform instant messaging voiceover internet protocol application
for smartphones developed by Viber Media. In addition to text
messaging, users can exchange images, video and audio media messages.
The
client software is available for Android, Black Berry OS, iOS, Series
40, Symbian, Bada and Windows Phone. Viber works on both 3G and Wifi
networks.-VNA