Viber - exploit allows hackers to bypass the lockscreen on Android

[mod edit: please see post #7 for a fix to this issue]

Just when Viber grabbed some positive headlines with a new, ahem, Beta app for, ahem, older BlackBerry devices, this world-threatening security risk ruins it all:

Here's a quick video showing off the security mess on a Nexus 4. But apparently the exploit works on pretty much all Android devices that can run Viber.


Here's how the exploit works:

1) Send a Viber message to the victim;
2) Make the Viber keyboard appear on the targeted device by performing some actions with message pop-ups;
3) Once the keyboard has appeared, a missed call must be created or the “Back” button must be pressed.

“The way Viber handles to popup its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” noted Mr. Nguyen Minh Duc, director of Bkav's security division.

Bkav notified Viber last week and have yet to receive any reply.



ViberTeam  Apr. 25, 2013 at 14:09

We are researching this issue at the moment and we will release an update very soon. We care a lot about our users' security, and so we see this as a first priority task.

Meanwhile, until we release the fixed version and as a temporary workaround, it is possible to disable the auto-unlocking of the screen through Viber's settings. This will eliminate the security glitch completely.

Stay tuned for the upcoming update :)

the Viber Team.

JanSt / MOD  Apr. 25, 2013 at 14:31

Thank you for the feedback :)

ViberTeam  Apr. 25, 2013 at 14:46

Thank you for the feedback :)

Our pleasure :)

mrew42  Apr. 25, 2013 at 15:23

Yay Mobot & Jan (& indeed Viber)
We call it out and get an answer. That's what I like to see :)

ViberTeam  Apr. 26, 2013 at 10:21

As promised, we've released a fixed version for this problem. It can be found and downloaded here: http://download.viber.com/viber.apk
We will make sure that such glitches do not reoccur :)

For any other questions/concerns, please don't hesitate to contact us.

the Viber Team.

JanSt / MOD  Apr. 26, 2013 at 10:30

Excellent, viberers :)

