Viber - exploit allows hackers to bypass the lockscreen on Android
[mod edit: please see post #7 for a fix to this issue]
Just when Viber grabbed some positive headlines with a new, ahem, Beta app for, ahem, older Blackerry devices, this world-threatening security risk ruins it all:
Here's a quick video showing off the security mess on a Nexus 4. But apparently the exploit works on pretty much all Android devices that can run Viber.
Here's how the exploit works:
1) Send a Viber message to the victim;
2) Make the Viber keyboard appear on the targeted device by performing some actions with message pop-ups;
3) Once the keyboard has appeared, a missed call must be created or the “Back” button must be pressed.
“The way Viber handles to popup its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” noted Mr. Nguyen Minh Duc, director of Bkav's security division.
Bkav notified Viber last week and have yet to receive any reply.