Viber messenger security4/10/2023 In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.Īnd in April 2013, Viber’s support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack. Viber, founded in 2010, has had a couple other security incidents in the past year. Leaky mobile apps and data privacyĪs is becoming all too common with the new breed of mobile messenger apps – including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat – security and privacy of user data seems to be an afterthought.Īlthough both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security. With all of this in mind, Viber’s claim that “we aren’t aware of a single user who has been affected by this” rings very hollow.Īfter all, the company didn’t bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk. That includes users of Viber on the desktop, via Samsung’s Bada ecosystem, on Microsoft’s various mobile operating systems, and on Blackberry and Nokia phones. The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark. The fact is that an modern online messaging app shouldn’t really be “fixing” this sort of blunder – encryption should have been baked in from the start.Īnd for all that Viber may have “fixed” its apps to exchange data securely now, it hasn’t said anything about addressing the insecurities that UNH found in Viber’s cloud, where your messages are stored. As of today we aren't aware of a single user who has been affected by this. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been “resolved.” The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did “not receive a response from them.” There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it. The data is stored on Viber's server in an unencrypted manner. In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber’s servers by anyone who knows the message URL: In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.ĭata can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber. Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp. It’s the second cryptographic blunder exposed by UNH researchers in as many weeks – the UNH Cyber Forensics Research & Education Group disclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted form. Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.Īccording to researchers from the University of New Haven (UNH) in Connecticut, US, Viber’s app sends user messages in unencrypted form – including photos, videos, doodles, and location images.Īll of that rich data from users is also stored unencrypted on Viber’s servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |