Update: Viber has been in contact with Ausdroid and has told us:
Since this is a major issue, and since we care a lot about our users’ security, we kindly ask that you edit/update the current article, adding our response, and officially stating that we have fixed this issue in a matter of days. The fixed version can be found here: http://download.viber.com/viber.apk
It isn’t all that common that we come across news like this for Android, but unfortunately, it’s not as uncommon as it should be. It seems that Viber, the popular VoIP app for Android, has run into a little bit of a problem. With a little work it seems that it’s possible for someone to gain full access to your device via the Viber app.
There’s a catch in this: it’s not remote access. For anyone to gain access to whatever is on your phone, the phone would need to be running Viber and be accessible to the perpetrator of the ‘attack’.
In fact, the attack is nothing more complicated than sending a couple of messages to the victim’s phone. It seems that Viber’s message popup disables or bypasses the default Android lockscreen, allowing anyone who has physical access to your device (and the ability to send you Viber messages) to get access to your naughty photos and to email them to your boss pretending to be you.
This is a really low-tech ‘hack’, and the chances of this being exploited to do you any harm are pretty slim, but it does demonstrate a valid point — don’t rely on a simple lock-screen to protect your data, as these can be quite easily bypassed in a number of ways; this Viber example is just one amongst many. If someone can gain physical access to your phone, they might as well have access to anything that’s on it.
What can you do to protect yourself against hacks like this? Keep any really sensitive information off your device in the first place, or else encrypt it or store it in some kind of secure-storage application. That, and keep your phone on your person and don’t leave it lying around… simple things, really.
The makers of Viber are working on a fix, and say they’ll have a solution in a week or so. Until then, keep an eye on your device.