For the second time in a week, the Israeli VoIP app Viber has been hacked. Viber accuses Apple of leaving the hole open
Hackers are working overtime trying to embarrass Israeli startup Viber. Yesterday evening Viber’s account on the App Store was compromised and the description of the app was changed to the following message: “We created this app to spy on you, please download it.” The description was changed shortly thereafter but it’s still unclear whether this was the only adjustment the hackers made to the account or whether there was more damage that has yet to come to light.
The Syrian Electronic Army strikes again
There’s good reason to believe that the attackers are once again members of the hacker group calling itself the Syrian Electronic Army, which debuted last week when it crashed Viber’s Customer Service, published details about some of Viber’s users and tweeted a warning to Viber users to uninstall the app.
Providing context to their attacks, the hackers claimed that Viber is a branch of Israel’s secret intelligence and other international spying outfits, stating: “Dear Viber users, The Israeli app Viber is spying on you. We were not able to bring down all of Viber’s systems but most were designed to spy on you and to track you.” Given this history, the description change in the App Store is consistent with this particular hacker group’s MO. What is shocking is how a large company like Viber hosting over 200 million users would allow itself to be embarrassed like this twice within the timeframe of a single week.
Viber argued in response that this was the result of a phishing attack against employees who have administrative access to the App Store account. It is not clear whether this is a new attack or a continued effect of last week's break-in. The practical question is whether we will see further embarrassing episodes perpetrated against the company in the days to come.
[Embedded tweet: SyrianElectronicArmy (@Official_SEA12), July 23, 2013]
Viber’s response – “Apple is responsible”
“A few days ago, a hacker gained access to several e-mail accounts associated with the domain Viber.com through a phishing attack. The account has since been updated. Hackers were able to recover data allowing them to corrupt our support site and gain access to our iTunes account which in turn allowed them to change the description text of our app – they also did it a few days ago while vandalizing our support site at the same time. We fixed the problem and removed the problematic account from iTunes.
“Unfortunately, on Saturday it happened again. Upon further investigation we found out that this security loophole in iTunes is still connected. It seems that when you remove a user, that user still remains connected to the account. We hope that Apple will solve the problem soon, because now we have no way to disconnect this user from our side. We have contacted Apple about this and we are waiting for their response.
“At this point, we want to reassure users that this has no impact on the security of the Viber App, Viber System, our databases, user information, etc. It’s merely an unfortunate nuisance.”