Viber is an app which allows users to make free phone calls and send free texts from their phone. 50 to 100 million of the users are on Android, according to Google Play.
A security flaw in the app allows hackers to use the message popup to bypass Android’s lock screen and gain access to the device, according to the Bkav security company.
“The way Viber handles to popup its messages on smartphones’ lock screen is unusual,” said Nguyen Minh Duc, director of Bkav’s Security Division, “resulting in its failure to control programming logic, causing the flaw to appear.”
Bkav reported the flaw to the app’s makers but has yet to receive a response. They suggest keeping your smartphone close and installing any patch the makers may issue when it is available.
Smartphones with lock screens have seen vulnerabilities before, though most of those are, as The Hacker News put it, “fancy finger work” hacks. This one, though far from simple, seems like a more accessible hack, and therefore, more likely to be exploited on a large scale.
UPDATE: According to Viber spokesman Jonah Balfour, the company has moved quickly to fix the issue.
“As it turns out, Viber has issued a hot fix update that addresses this issue which is available on the Viber website at http://bit.ly/12npiZo. It will also be made available on Google Play in a few days once it passes more rigorous testing (Viber wants to make sure nothing was broken while fixing this issue).
“I can tell you that Viber takes this matter very seriously and has acted quickly to allay any concerns.”