“You
cannot expect all developers to be experts in security. We have to make tools
that make it easier for them”
Martin
Borrett
Security
firms are warning about a security bug in the popular Viber app for Android
phones.
The
flaw in the net phone application lets attackers bypass screen locks and take
control of a smartphone.
The
app has been downloaded more than 50 million times from Google's Play store
according to statistics from the search giant.
Viber
said it was aware of the flaw and was preparing to release a fix that would
close the loophole.
The
flaw was discovered by Vietnamese security firm Bkav and works in different
ways depending on which Android phone a victim is using. In a blog post, Bkav said the attack revolved around
sending several messages to a victim via Viber.
The
free Viber app works like Skype and lets Android phone users send messages and
talk for free. Bkav discovered that sending pop-up messages and using some
other parts of the Viber app let them circumvent the lock screens that many
people use to secure their phones.
"The
way Viber handles to pop-up its messages on smartphones' lock screen is
unusual, resulting in its failure to control programming logic, causing the
flaw to appear," said Nguyen Minh Duc, head of Bkav's security division.
He advised people not to let anyone else use their phone until the bug was
fixed.
Viber
said it was aware of the flaw and, via
its support forum, gave
people advice about how to avoid falling victim. It said it was working on a
fix and hoped to resolve the issue soon.
The
discovery of the bug is the latest in a series of security flaws that have
struck apps in Google's Android store. Many cyber thieves are aiming their
efforts at the phones in a bid to steal saleable information or generate
revenue by getting handsets to call or send messages to premium rate numbers.
Despite
this, Martin Borrett, director of IBM's European Institute for Advanced
Security, said phone apps were getting more secure faster than other sectors at
the same point in their development.
IBM
was "optimistic" about the improving security of mobile apps because
tools were emerging that made it straightforward to scan code for the bugs and
loopholes that cyber thieves seek, he said.
"You
cannot expect all developers to be experts in security," he said. "We
have to make tools that make it easier for them.
"I
think people are more switched on to the issues and are better placed to
address them and have the knowledge and tools to counter these threats,"
he told the BBC.
No comments:
Post a Comment