
Flaw in VoIP App Viber Allows Attackers to Unlock Victims’ Smartphones

An improperly implemented feature in popular voice-over-IP application Viber can help cyber-criminals to bypass the locking mechanism of smartphones.

UPDATE: Viber has contacted us to announce an update that fixes the issue. Please make sure that you install the update from Google Play or from the company’s product page.

According to a report by BKAV, Android-based smartphones running Viber can be unlocked by simply sending a message to the target device. The message is displayed in a popup window running on top of the screen lock and allows for the keyboard application to be invoked, which temporarily unlocks the lock screen.

Some applications designed for Android – such as the phone app – can temporarily unlock the screen and lock it again when they terminate. This is also the case with Viber, but sending a second message to the victim appears to make the application lose track of the screen lock state and fail to re-lock the screen after it exits, allowing anyone to bypass the authentication mechanism.

Even though Viber comes with an option to prevent popups from unlocking the device, it is turned off by default for convenience.
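The state loss described above can be modelled in a few lines. This is an added illustration, not Viber's or Android's code: the class and method names are hypothetical, and the overwritten saved state is an assumed cause, since the report describes only the observed behaviour.

```python
class Device:
    """Constructed stand-in for the handset: only tracks whether the lock screen is up."""
    def __init__(self):
        self.locked = True


class NaivePopup:
    """Assumed buggy pattern: the saved lock state is overwritten on every message."""
    def __init__(self, device):
        self.device = device
        self.was_locked = False

    def on_message(self):
        self.was_locked = self.device.locked  # 2nd message records "unlocked"
        self.device.locked = False            # popup + keyboard lift the lock screen

    def on_exit(self):
        if self.was_locked:
            self.device.locked = True         # skipped once the state is lost


class HardenedPopup:
    """Saves the state once per unlock, and unlocks only if the user opted in."""
    def __init__(self, device, unlock_for_popups=False):  # off by default
        self.device = device
        self.unlock_for_popups = unlock_for_popups
        self.was_locked = None                # None = no unlock in progress

    def on_message(self):
        if not self.unlock_for_popups:
            return                            # lock screen is never touched
        if self.was_locked is None:
            self.was_locked = self.device.locked
        self.device.locked = False

    def on_exit(self):
        if self.was_locked:
            self.device.locked = True
        self.was_locked = None


def locked_after(popup_cls, messages, **options):
    """Deliver `messages` popups to a locked device, exit the app, report lock state."""
    device = Device()
    popup = popup_cls(device, **options)
    for _ in range(messages):
        popup.on_message()
    popup.on_exit()
    return device.locked
```

In this model one message leaves the device locked after exit, while two messages leave the naive handler's device unlocked; the hardened handler re-locks in both cases and never unlocks when the option is off.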

“Viber 2.3.6 on some Android devices might unlock the screen when replying a Viber message popup,” wrote the Viber team in a security advisory. “We are currently working on fixing this issue and hope to resolve it soon. In the meantime please go to More—>Settings—>Uncheck Unlock for popups”.

According to Viber, their VoIP product runs on roughly 175 million products, but the number of installations on Android is unknown.

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


Comments (1)

  • Viber

    Hi,
    I am an official representative from Viber Media.

    We care a lot about our users’ security. We worked around the clock to fix this security glitch and already a few days ago we released a fixed version for this problem. It is available for download at: http://download.viber.com/viber.apk
    We kindly ask that you update your article and let your users know of this important news. We will of course make sure that such glitches do not reoccur.

    For any other questions/concerns, please don’t hesitate to contact us.

    the Viber Team.



© 2012 Powered By Bitdefender
