Update (April 27): Viber Media notified us to officially state that they have fixed this issue in matter of days. The fixed version can be found here: http://download.viber.com/viber.apk
What is Viber?
Viber is a VoIP communication client which allows you to send messages and place calls using the internet. But there is a limitation that the person with whom you are trying to communicate also needs to have Viber installed. If you are familiar with apps or services such as WhatsApp and Samsung’s Chat On, Viber can be considered as a similar product.
How is Viber a threat to your private data?
Bkav Internet Security has discovered an exploit, or a vulnerability in the Viber messaging app, which can, if in the hands of the wrong person, give full access to the smart phone even if there is a lock applied to the smart phone. The exploit uses the vulnerability present in the pop up notification feature of the app.
Whenever you get a message on Viber, the app puts a pop up on your smart phone screen displaying the message. This feature can be used to gain full access to the smart phone’s home screen, with just a few taps. The exploit is not too easy to achieve. But if the person can get to your smart phone and use it for a few minutes, the person can get access to your smart phone, as shown in the video.
What is the solution?
For now, as a workaround, you can disable the pop up notification feature of the app. The company has promised that it will be coming up with a solution to this vulnerability soon in the form of a software update. You will have to keep an eye on that with the pop up disabled.