PC Magazine warns of a new exploit that can allow hackers to unlock phones, exposing private data and creating opportunities for misuse of the account.
QUOTE: The Viber messaging app has been gathering momentum on Google Play, but a new exploit might give users pause. Just a few days ago, the security company Bkav announced that it has found a way to gain full access to Android phones using the popular Viber messaging app. Unlike the Samsung lockscreen issue we reported on earlier, this attack doesn’t take any fancy finger work. Instead, all it needs is two phones, both running Viber, and a phone number.
Here’s how it works. The victim phone is locked, but it has Viber installed and set up. The attacker phone sends a message to the victim, which brings up an alert window on the lockscreen. One of the unique features of Viber is that you can respond even while the phone is locked, and activating the Viber keyboard is the next step in the attack. Once the keyboard is active on the victim phone, the attacker sends another message. This time, press the back button on the victim phone, and suddenly you have full access to the victim phone.
According to Bkav, the issue stems from the way Viber interacts with the Android lockscreen. Bkav’s security division director Nguyen Minh Duc explained on the company’s website, “the way Viber handles to popup its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear.”