|BKAV discovered that sending pop-up messages and using some other parts of the Viber app let them circumvent the lock screens that many people use to secure their phones.—Illustrative image
HA NOI (VNS)— Internet security firm BKAV last Friday warned about a security bug in the so-called Viber application for Android phones that lets attackers bypass screen locks and take control of a smartphone.
BKAV said the flaw works in different ways depending on which Android phone. The attack revolved around sending several messages to a victim via Viber.
The free Viber app works like Skype and lets Android phone users send messages and talk for free.
BKAV discovered that sending pop-up messages and using some other parts of the Viber app let them circumvent the lock screens that many people use to secure their phones.
"The way Viber handles pop-up messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear," said Nguyen Minh Duc, head of BKAV security division.
He advised people not to let anyone else use their phone until the bug was fixed.
The app has been downloaded more than 50 million times from Google's Play store, according to statistics from the search giant.
Viber said it was aware of the flaw and was preparing to release a fix that would close the loophole.
The discovery of the bug is the latest in a series of security flaws that have struck apps in Google's Android store.
Many cyber thieves are aiming their efforts at the phones in a bid to steal saleable information or generate revenue by getting handsets to call or send messages to premium rate numbers.
Viber is a propriety cross-platform instant messaging voiceover internet protocol application for smartphones developed by Viber Media. In addition to text messaging, users can exchange images, video and audio media messages.
The client software is available for Android, BlackBerry OS, iOS, Series 40, Symbian, Bada and Windows Phone. Viber works on both 3G and Wifi networks. — VNS