imgur: the simple image sharer
Viber, a messaging app with 175 million users and counting, has a flaw that could let hackers take over Android phones.

 

The fast-growing messaging app Viber, which has 175 million users—and claims to be adding 400,000 every day—has a flaw which allows hackers to crack Android phones.

Viber is an app which allows users to make free phone calls and send free texts from their phone. 50 to 100 million of the users are on Android, according to Google Play.

A security flaw in the app allows hackers to use the message popup to bypass Android’s lock screen and gain access to the device, according to the Bkav security company.

"The way Viber handles to popup its messages on smartphones' lock screen is unusual,” said Nguyen Minh Duc, director of Bkav's Security Division, “resulting in its failure to control programming logic, causing the flaw to appear."

Bkav reported the flaw to the app’s makers but has yet to receive a response. They suggest keeping your smartphone close and installing any patch the makers may issue when it is available.

Smartphones with lock screens have seen vulnerabilities before, though most of those are, as The Hacker News put it, “fancy finger work” hacks. This one, though far from simple, seems like a more accessible hack, and therefore, more likely to be exploited on a large scale.

UPDATE: According to Viber spokesman Jonah Balfour, the company has moved quickly to fix the issue. 

 

"As it turns out, Viber has issued a hot fix update that addresses this issue which is available on the Viber website at http://bit.ly/12npiZo. It will also be made available on Google Play in a few days once it passes more rigorous testing (Viber wants to make sure nothing was broken while fixing this issue).

 

"I can tell you that Viber takes this matter very seriously and has acted quickly to allay any concerns."

 

H/T Naked Security | Photo by Viber

Promoted Stories Powered by Sharethrough
hacking
Hackers aren't going to hijack your plane with a smartphone
A talk given by a security consultant at the Hack In The Box conference in Amsterdam has been making waves for a couple days now, largely because it made bold claims: Hugo Teso, who's also a trained commercial pilot, said he'd developed a way to hijack airplanes (as in take over their flight controls) by attacking the plane's systems wirelessly using an Android app he developed.
From Our VICE Partners
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!