Warning over bug in Android Viber chat app
- 26 April 2013
- From the section Technology
Security firms are warning about a security bug in the popular Viber app for Android phones.
The flaw in the net phone application lets attackers bypass screen locks and take control of a smartphone.
The app has been downloaded more than 50 million times from Google's Play store according to statistics from the search giant.
Viber said it was aware of the flaw and was preparing to release a fix that would close the loophole.
The flaw was discovered by Vietnamese security firm Bkav and works in different ways depending on which Android phone a victim is using. In a blog post, Bkav said the attack revolved around sending several messages to a victim via Viber.
The free Viber app works like Skype and lets Android phone users send messages and talk for free. Bkav discovered that sending pop-up messages and using some other parts of the Viber app let them circumvent the lock screens that many people use to secure their phones.
"The way Viber handles to pop-up its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear," said Nguyen Minh Duc, head of Bkav's security division. He advised people not to let anyone else use their phone until the bug was fixed.
Viber said it was aware of the flaw and, via its support forum, gave people advice about how to avoid falling victim. It said it was working on a fix and hoped to resolve the issue soon.
The discovery of the bug is the latest in a series of security flaws that have struck apps in Google's Android store. Many cyber thieves are aiming their efforts at the phones in a bid to steal saleable information or generate revenue by getting handsets to call or send messages to premium rate numbers.
Despite this, Martin Borrett, director of IBM's European Institute for Advanced Security, said phone apps were getting more secure faster than other sectors at the same point in their development.
IBM was "optimistic" about the improving security of mobile apps because tools were emerging that made it straightforward to scan code for the bugs and loopholes that cyber thieves seek, he said.
"You cannot expect all developers to be experts in security," he said. "We have to make tools that make it easier for them.
"I think people are more switched on to the issues and are better placed to address them and have the knowledge and tools to counter these threats," he told the BBC.