Warning over bug in Android Viber chat app

Screengrab of Viber on Google Play The flaw revolves around the way that Viber handles repeated pop-up messages

Related Stories

Security firms are warning about a security bug in the popular Viber app for Android phones.

The flaw in the net phone application lets attackers bypass screen locks and take control of a smartphone.

The app has been downloaded more than 50 million times from Google's Play store according to statistics from the search giant.

Viber said it was aware of the flaw and was preparing to release a fix that would close the loophole.

The flaw was discovered by Vietnamese security firm Bkav and works in different ways depending on which Android phone a victim is using. In a blog post, Bkav said the attack revolved around sending several messages to a victim via Viber.

The free Viber app works like Skype and lets Android phone users send messages and talk for free. Bkav discovered that sending pop-up messages and using some other parts of the Viber app let them circumvent the lock screens that many people use to secure their phones.

"The way Viber handles to pop-up its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear," said Nguyen Minh Duc, head of Bkav's security division. He advised people not to let anyone else use their phone until the bug was fixed.

Start Quote

You cannot expect all developers to be experts in security. We have to make tools that make it easier for them”

End Quote Martin Borrett

Viber said it was aware of the flaw and, via its support forum, gave people advice about how to avoid falling victim. It said it was working on a fix and hoped to resolve the issue soon.

The discovery of the bug is the latest in a series of security flaws that have struck apps in Google's Android store. Many cyber thieves are aiming their efforts at the phones in a bid to steal saleable information or generate revenue by getting handsets to call or send messages to premium rate numbers.

Despite this, Martin Borrett, director of IBM's European Institute for Advanced Security, said phone apps were getting more secure faster than other sectors at the same point in their development.

IBM was "optimistic" about the improving security of mobile apps because tools were emerging that made it straightforward to scan code for the bugs and loopholes that cyber thieves seek, he said.

"You cannot expect all developers to be experts in security," he said. "We have to make tools that make it easier for them.

"I think people are more switched on to the issues and are better placed to address them and have the knowledge and tools to counter these threats," he told the BBC.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Thinkstock)

Five steps to colonising Mars

Checklist for life on the Red Planet Read more...

Programmes

  • The Wrecking Crew OrchestraClick Watch

    The Japanese dance group using wearable technology to light up their act

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.