"There's no such thing as free lunch" and though Viber, the beloved free calling and messaging app, seemed to prove this old saying wrong till now, Android users may come to bear witness to the irrefutability of it. Viber could actually be letting hackers gain control of your Android phone by bypassing the lock screen.
Viber is arguably second to only Skype in data calling and messaging and has been a massive hit on all platforms allowing users to save their precious credit and call minutes by sending messages and making calls over a data connection.
A Vietnamese security firm were first to notice the loophole and the possible breach allows attackers through the phone's lock screen protocol consequently allowing them access to the phone's controls and everything else stored within.
The attack is carried out through messages sent and calls made to the victim through Viber; it uses the fact the that the app lets you reply to a message through a pop-up without having to unlock your handset.
"The way Viber handles to pop-up its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear," said Nguyen Minh Duc, director of Bkav's security division.
The good news is the people over at Viber know about this loophole and are currently working on a fix(hopefully permanent) for it. In the meantime though it advises users to uncheck "unlock for popups" in their settings menu to safeguard against potential attacks or intrusion.
