Viber flaw gives full access to Android mobile


viber flaw gives access to mobile data bypassing lock screen

Viber is a well known app for free calls, text and picture sharing in Google Play store.But the flaw in the app may expose the important phone data of  175 million Viber users. The flaw is similar to Apple which allowed the bypassing of lock screen  to access the phone content .The flaw identified by Bkav can allow users to bypass the lockscreen of your Android phone in 3 steps.

How does it work?

1) Send a Viber message to the victim;
2) Make the Viber keyboard appear on the targeted device by performing some actions with message pop-ups;
3) Once the keyboard has appeared, a missed call must be created or the “Back” button must be pressed.

Thus,unlocking your phone.

Mr. Nguyen Minh Duc said

The way Viber handles to popup its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear

Third step depends on the mobile phone type,HTC Sensation XE, a missed call must be created at step 3 to unlock the screen, while the Back button must be pressed on Samsung Galaxy S2, Google Nexus 4 and Sony Xperia Z.

Bak said that Viber has been notified but no update has been released.The video below shows the proof of concept detailing the flaw .

Source Softpedia,Bak

Advertisements