Critical flaw with popular app - Viber

Viber lock bypass flaw vulnerability

3 replies to this topic

#1 eyecre8

Posted 26 April 2013 - 12:46 PM

Thanks to CMH714 for bringing this one to our attention.
 
As many as 100 million Android phones are affected. The popular app, Viber, a Skype rival, has recently confirmed the existence of a bug which may allow people to take control of a locked Android device. Affected Android devices include Samsung, Sony, and HTC, according to a blog post published Tuesday by Bkav Internet Security.
 
Refer to the following videos for proof of concept demos:
 
Exploiting Viber to bypass lock screen of Samsung Galaxy S II:
 
Exploiting Viber to bypass lock screen of HTC Sensation XE:
 
Exploiting Viber to bypass lock screen of Sony Xperia Z:
 
Exploiting Viber to bypass lock screen of Google Nexus 4:
 
 
As the above videos demonstrate, the latest vulnerability affects a variety of handsets as long as they have Viber installed. Steps for exploiting the bug involve sending a Viber message to the target handset, using the notification bar of the target handset to make the Viber keyboard appear, and then manipulating model-specific features to bypass the screen lock. According to Google Play, where Viber for Android is available, the app has been downloaded anywhere from 50 million to 100 million times.
 
 
 
 
 

My name is Eyecre8 and I approve this message!

#2 pinoy_92


Posted 26 April 2013 - 03:38 PM

so you have to know the stolen phone's number to bypass the lock screen?



#3 cmh714


Posted 26 April 2013 - 08:56 PM


I gave eye_create the links to notify ppl (as he posted) of a possible issue if they were running Viber. Has nothing to do with a "stolen" phone number. As a moderator of the forum, I just felt it was better for anyone using Viber to know the possible ramifications.

 

pinoy, it's why you are often referred to in the chatroom by many people as pinhead, sorry if that's insulting, or mean, but is what it is.

 

Rant off, if the Admins wish to choose to remove my Mod permissions for this post or any others, so be it.

 

Apologies to all, but this IS an informative article coming from a Security person.

 

And even though the article talks about 100 million users, one of the articles stated that there are approximately 800k users with Viber at this moment. So the 100 Million number is really just to grab attention.

 

Again my apologies for any offensive comments.



#4 pinoy_92


Posted 27 April 2013 - 05:10 PM

pinhead came from a time when we were joking around in the chat room and i have been called any name that has a 'pin' in it. unfortunately it's the only one that stuck around.

 

normally, people would use a lockscreen so that anyone, especially thieves, would not have any access to the owner's files. as for the stolen phone reference, i assumed that nobody has friends that would purposely unlock their friend's phone using this exploit, and go through their personal files. if that is what you call your friends, then maybe you need to reconsider your friends. maybe if you weren't so arrogant you would understand what i meant. sorry if that's insulting, or mean, but is what it is.

 

again my apologies for any offensive comments.





