Viber App Flaw Allows Users to Access Android Devices via Lock Screen [updated]

Update: A representative from Viber sent us an email explaining that the security issue has now been fixed.

Email:

We have come across your article regarding the security glitch in our application, in this URL: http://www.thetechstorm.com/2013/04/viber-app-flaw-allows-users-to-access-android-devices-via-lock-screen/

Since this is a major issue, and since we care a lot about our users’ security, we kindly ask that you edit/update the current article, adding our response, and officially stating that we have fixed this issue in a matter of days. The fixed version can be found here: http://download.viber.com/viber.apk

Thank you in advance, and we look forward to further cooperation with you.

 

According a report from Internet Security firm Bkav, a security flaw in popular messaging app Viber, allows users to bypass the lock screen on many Android devices.

Bkav highlighted that the security flaw was present on my high-end devices including Google Nexus  and Xperia 4.

Based on the video, unauthorized access can be gained when a message is sent using the Viber messaging app. When user receiving the message clicks on the reply box (via the lock screen), and then press the back button – full access to the device is allowed thereafter.

A temporary solution to the security breach is to disable the notification system for the Viber app.

Recently, a similar security flawed showed up in iOS 6.1.3 software, which granted unauthorized users access to the address book and photos of an iPhone by simply ejecting the SIM card while using voice control to make a call.

At the time, AppleInsider reported that the flaw appeared to be restricted to iPhones without Siri support, since the blog was unable to reproduce the behavior on an iPhone 5.

Source:  Bkav