Vulnerability in Viber Allows Hackers to Bypass LockScreen

Viber vulnerability

Security researchers from BKav has identified a vulnerability in popular VoIP app. Viber allows users to call for free, send text messages and share photos. This newly found security vulnerability can allow attacker to bypass the lock screen and then gain full access to smartphone.

Viber vulnerability

More than 100 million users use viber and all users are now at risk. Bkv researchers also uploaded few videos that demonstrate how this attack can be performed. They demonstrated this vulnerability on Samsung Galaxy S II, HTC Sensation XE, Google Nexus 4 and Xperia Z.

Mechanism of exploiting Viber and bypassing differ in different smartphones. But basic steps are same.

Specifically, steps to exploit are as follows:

1. Send Viber message to victim

2. Combine actions on Viber message popups with tricks like using victim’s notification bar, sending other Viber messages, etc. to make Viber keyboard appear

3. Once Viber keyboard has appeared, to fully access the device, create missed call to victim (with HTC Sensation XE), press Back button (with Google Nexus 4, Samsung Galaxy S2, Sony Xperia Z), etc.


“The way Viber handles to popup its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” said Mr. Nguyen Minh Duc, Director of Bkav’s Security Division.

You can see source link below to see all demonstration videos of this bypass method. Viber was notified about this vulnerability but no responses from the company has been received. Viber will soon patch the issue. If you are viber user, make sure to check for latest updates.

Source

Share this article
Shareable URL
Prev Post

5 Reasons Why Windows Phone OS Based Lumia Smartphones Failed To Attract Customers

Next Post

Firefox OS Phones Were On Sale, Sold Out in Few Hours

Leave a Reply
Read next
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.
0
Share