English | Italian

"Researchers slurp unencrypted..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
Easily Recover Viber Calls & Messages from iPhone 6+/6/5S/5C/5/4S/4/3GS
How to Recover Viber Contacts from iPhone from/without iTunes, iCloud Backup
C3TEK DEMO Viber data summary
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
G Data Internet Security for Android
Matrix Data Solution India
Continue »
Pop theme

Bibeau,Europe budget,Joko Widodo,Ebola Virus,Bharatiya Janata Party,Oscar Pistorius,Dilma Rousseff,Jeffrey Fowle,Taylor Swift,Zellweger

Related theme

same team,new haven,research whatsapp,location

Researchers slurp unencrypted Viber messaging data with ease


data viber received

2014-04-24 05:26:48

Combat fraud and increase customer satisfaction

Popular Whatsapp-like messaging service Viber is exposing users to man-in-the-middle and other attacks because it isn’t encrypting various data at rest and in transit, security researchers have warned.

The mobile app allows users to send each other messages, videos, images and “doodles”, share GPS location details and make voice calls.

However, researchers at the University of New Haven Cyber Forensics Research and Education Group (UNHcFREG) found a “serious security flaw” in the way Viber receives videos, images and doodle files; the way it sends and receives location data; and the way it stores data on its Amazon servers.

The team’s experimental network created a rogue access point utilising a Windows 7 PC’s Virtual Wi-Fi Miniport Adapter and a first smartphone connected to the same network.

It then connected a second smartphone outside the network via GSM and used it to exchange data with the first smartphone over Viber.

It said that with tools such as NetworkMiner, Wireshark, and NetWitness it was able to capture traffic sent over the test network.

Specifically, the team claimed that images, doodles and videos received are unencrypted; location data sent and received is unencrypted; and data is stored on the Viber Amazon servers in unencrypted format.

Further, it said user data stored on Viber's Amazon servers is not deleted immediately and that it can be easily accessed without any authentication mechanism – “simply visiting the intercepted link on a web browser gives us complete access to the data”.

The researchers added the following:

Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone.

UNHcFREG said it had already informed Viber of the security flaws but received no word back at the time of publishing. A video of the test (h/t The Hacker News) can be found here.

It recommended Viber ensure all data in transit is sent over an encrypted tunnel, that data is encrypted properly when saved and that it access to it must require authentication.

The Israeli-backed messaging service, based in Cyprus, was recently acquired for $900 million by Japanese e-commerce giant Rakuten in a bid to take the firm “to a different level”.

For the record, the same team of New Haven uni testers last week published research claiming a bug in Whatsapp's "location sending" feature. ®

SANS - Survey on application security programs

View Original Article: theregister.co.uk
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source theregister.co.uk.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Researchers slurp unencrypted..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"f","i":"1156056","t":"Pershing Square Holdings, Ltd. Releases Regular Weekly Net Asset Value","a":1},{"b":"d","i":"957848","t":"Red Ribbon Week is Oct. 24-31, and this year's theme is \"Love Yourself, Be Drug Free.\"","a":2},{"b":"d","i":"957856","t":"Mayor linked to missing students","a":3},{"b":"a","i":"1332614","t":"From Bush to Obama: American exceptionalism is a plague on our collective conscience","a":4},{"b":"a","i":"1332622","t":"Limbkeepers® to be Featured on Upcoming Episode of Innovations with Ed Begley, Jr.","a":5},{"b":"b","i":"1270761","t":"Sigma Systems Evolve User Conference Partners With Salesforce","a":6},{"b":"b","i":"1270767","t":"Entertainment Experience LLC Receives Patent for its Next-Generation Image Processing Tech","a":7},{"b":"b","i":"1270769","t":"North American Bancard Acquires Electronic Payment Exchange (EPX)","a":8},{"b":"a","i":"1332559","t":"10 Things to Know for Today","a":9},{"b":"a","i":"1332562","t":"Facebook allows private chat with 'Rooms' app","a":10},{"b":"d","i":"957816","t":"Friday's weather forecast","a":11},{"b":"d","i":"957822","t":"UTStarcom to Participate in Jefferies 4th Annual Asia Corporate Access Summit","a":12},{"b":"b","i":"1270726","t":"Osborne: I don't accept there is no 'feel good factor'","a":13},{"b":"a","i":"1332533","t":"Serbia and Albania Penalized by UEFA For Belgrade Soccer Brawl","a":14},{"b":"c","i":"1882408","t":"New York Today: Ebola Arrives, and Calm Is Urged","a":15},{"b":"a","i":"1332502","t":"Q3 State of Infections Report Reveals 57% Increase in Backoff Malware \n from August to September","a":16},{"b":"d","i":"957762","t":"Stability key to investor confidence","a":17},{"b":"d","i":"957763","t":"Valencia Open: Andy Murray homes in on showdown with David Ferrer and stays on course for World Tour finals","a":18},{"b":"c","i":"1882388","t":"The Queen Of England Just Used An iPad To Send Her First Tweet","a":19},{"b":"d","i":"957770","t":"Yuan Forwards Drop, Paring Weekly Gain, as Slowdown Woes Deepen","a":20},{"b":"d","i":"957771","t":"Whirlpool Completes Acquisition Of Majority Stake In Hefei Sanyo","a":21},{"b":"b","i":"1270691","t":"Today In History, October 24","a":22},{"b":"a","i":"1332517","t":"Zyno Medical, LLC Receives FDA 510(k) Clearance for Ambulatory Infusion Pump - Yahoo Finance Canada","a":23},{"b":"d","i":"957772","t":"KLCI ekes out last minute gains","a":24},{"b":"f","i":"1155986","t":"Lear Reports Record Third Quarter Sales and Earnings and Increases 2014 Financial Outlook","a":25},{"b":"b","i":"1270671","t":"7 things McDonald’s really wants you to forget","a":26},{"b":"b","i":"1270673","t":"It's Free Stuff Friday!","a":27},{"b":"f","i":"1155973","t":"11 Wonderfully Weird Facts You Might Not Know About 'Weird Al' Yankovic","a":28},{"b":"a","i":"1332475","t":"Man shot, killed in fifth homicide this week","a":29},{"b":"a","i":"1332452","t":"IDEXX Laboratories Announces Third Quarter Results - Yahoo Finance Canada","a":30},{"b":"d","i":"957722","t":"Tung: Gov't is listening, acting","a":31},{"b":"a","i":"1332463","t":"Congress leaders did not meet PM Narendra Modi as they are not concerned about the people: BJP","a":32},{"b":"a","i":"1332442","t":"India wants peace with China but not at cost of honour:Rajnath","a":33},{"b":"f","i":"1155950","t":"10 Things to Know for Today","a":34},{"b":"f","i":"1156006","t":"10 Things to Know for Today","a":35},{"b":"f","i":"1155951","t":"10 things to know about Friday","a":36},{"b":"f","i":"1155968","t":"Ebola Today: NYC Doctor Tests Positive for Ebola","a":37},{"b":"f","i":"1155977","t":"Female ferns decide battle of the sexes","a":38},{"b":"f","i":"1155970","t":"10 things to know today","a":39},{"b":"c","i":"1882363","t":"Paschi Soars on Report It Won\u2019t Need to Sell Stock","a":40},{"b":"a","i":"1332432","t":"GDP up 0.7 per cent but recovery is slowing","a":41},{"b":"b","i":"1270595","t":"Bond International Software partners with Dynatrace","a":42},{"b":"d","i":"957699","t":"Today in sports history","a":43},{"b":"a","i":"1332399","t":"Legal-Bay Continues to Assist Victims of Prison Rape and Prison Injuries through Lawsuit Settlement Funding Services\r\n\t\t\t\t\t\t\t\t\t\t\tCase Funding Firm Hopes to Bring to Light Corruption and Injustices Occurring in Prisons Throughout the U.S.","a":44},{"b":"d","i":"957654","t":"Shares In Morgan Sindall Group PLC Crashed On Profit Warning","a":45},{"b":"d","i":"957635","t":"Spanish Verbs in 2 Minutes Just Released on YouTube by LanguageAudiobooks.com","a":46},{"b":"d","i":"957641","t":"Premonitions: Halloween events to haunt your week","a":47},{"b":"d","i":"957620","t":"First Alert Forecast: Cloudier to end off the work week, but sunny skies and warmer temps for the weekend","a":48},{"b":"a","i":"1332361","t":"Pacquiao's promoter upset by basketball debut - Yahoo South Africa News","a":49},{"b":"e","i":"529252","t":"Today in History for October 24th","a":50},{"b":"c","i":"1882318","t":"Serena Williams Clinches Year-End No. 1 Ranking for 4th Time","a":51},{"b":"a","i":"1332325","t":"SLOW FOOD FOUNDER CARLO PETRINI AND TOP CHEF JAMIE OLIVER ENDORSE THE BARILLA FOUNDATION'S MILAN PROTOCOL","a":52},{"b":"b","i":"1270528","t":"Astrological Forecasts for 10\/24\/2014","a":53},{"b":"b","i":"1270539","t":"Make No Mistake, 'Birdman' Could Blitz the Oscars in 2015","a":54},{"b":"b","i":"1270544","t":"Good morning -- 11 things going on today","a":55},{"b":"d","i":"957575","t":"US stocks and sectors to watch after NY Ebola case","a":56},{"b":"d","i":"957584","t":"Ebola epidemic likely to explode by mid-December","a":57},{"b":"a","i":"1332321","t":"Investment Daily Research","a":58},{"b":"a","i":"1332309","t":"Ole Miss balancing act: Dixie and diversity mix as Rebels play their best football since 1962","a":59},{"b":"c","i":"1882297","t":"Egyptian Philae obelisk revealed anew","a":60},{"b":"d","i":"957535","t":"Ebola epidemic likely to explode by mid-December: Study","a":61},{"b":"c","i":"1882290","t":"The 10 Things You Need To Know In Advertising This Morning","a":62},{"b":"c","i":"1882294","t":"Magnit Shrugs off Russia Food Import Ban With Sales Rise","a":63},{"b":"c","i":"1882295","t":"U.K. Economic Growth Slows as Obstacles to Recovery Mount","a":64},{"b":"b","i":"1270488","t":"Ashya set to finish proton therapy","a":65},{"b":"b","i":"1270492","t":"Ashya set to finish proton therapy","a":66},{"b":"a","i":"1332279","t":"Equal Earth Offers Hawaii Customers Off-Grid Solar Financing Solutions; Plans to Expand to New Markets","a":67},{"b":"a","i":"1332282","t":"Rolls-Royce Plans Low-Cost Transmissions Factory Location","a":68},{"b":"d","i":"957526","t":"The thinking Malay is dangerous","a":69},{"b":"b","i":"1270469","t":"Germany's BASF cuts 2015 profit outlook","a":70},{"b":"b","i":"1270476","t":"Germany's BASF warns on profits and shares drop","a":71},{"b":"b","i":"1270477","t":"Warning over Morgan Sindall results","a":72},{"b":"e","i":"529246","t":"Celebrity birthdays: Caprice turns 43","a":73},{"b":"b","i":"1270465","t":"Hypertherm Introduces HyAccess Consumables for Cutting Hard to Reach Areas","a":74},{"b":"b","i":"1270434","t":"Will HSBC Holdings plc Be Forced To Slash The Dividend? - Yahoo Finance UK","a":75},{"b":"b","i":"1270435","t":"Today in the press","a":76},{"b":"b","i":"1270423","t":"Amazon Web Services Direct Connect Service Now Available in Germany at Equinix Data Centers\r\n\t\t\t\t\t\t\t\t\t\t\tExtends AWS Direct Connect availability to eight Equinix data centers, globally","a":77},{"b":"b","i":"1270406","t":"Pac Con unites your childhood heroes","a":78},{"b":"a","i":"1332209","t":"Tiempo calendar: Paul Rodriguez, Haunted UTEP Tour, Ghost Stories by Moonlight","a":79},{"b":"d","i":"957482","t":"A 'special' touch that made a toddler walk, feel","a":80},{"b":"d","i":"957469","t":"A Different Drummer: Two Sides of Janis GA rlich","a":81},{"b":"a","i":"1332193","t":"Merseyside psychiatric staff on strike at Ashworth hospital","a":82},{"b":"d","i":"957455","t":"Today, Oct. 24","a":83},{"b":"b","i":"1270389","t":"Subscriber Services","a":84},{"b":"a","i":"1332175","t":"Drop in Shropshire pupils getting top GCSE grades","a":85},{"b":"b","i":"1270369","t":"Wellness Uprising Offers Safe, Natural, Effective Solutions for Today's Health Concerns","a":86},{"b":"c","i":"1882228","t":"China Pushes Regional Bank Without South Korea, Australia","a":87},{"b":"b","i":"1270338","t":"Costing Cameron his credibility: the EU tells Britain to pay an extra \u00a31.7bn to its budget","a":88},{"b":"b","i":"1270339","t":"Recent events part of ‘racial hate’ conspiracy","a":89},{"b":"a","i":"1332130","t":"New Oriental Announces Results for the First Quarter Ended August 31, 2014 - Yahoo Finance Canada","a":90},{"b":"a","i":"1332131","t":"Amazon Web Services Direct Connect Service Now Available in Germany at Equinix Data Centers - Yahoo Finance Canada","a":91},{"b":"b","i":"1270327","t":"Italy Strikes Kick Off to Protest Renzi\u2019s Labor Measures","a":92},{"b":"e","i":"529215","t":"New Fiscal Year Resolutions","a":93},{"b":"d","i":"957409","t":"PureHD Chooses VideoPropulsion FloodGate for Cable IPTV in Luxury Hotels around the US","a":94},{"b":"d","i":"957415","t":"Pomeroy Joins Google for Work Partner Program","a":95},{"b":"b","i":"1270306","t":"12 Angry Jurors wraps up successful run","a":96},{"b":"a","i":"1332093","t":"Water Tower Festival, 10K on tap","a":97},{"b":"b","i":"1270294","t":"UPI Almanac for Friday, Oct. 24, 2014","a":98},{"b":"f","i":"1155617","t":"Your Top Plays for Today","a":99},{"b":"c","i":"1882199","t":"MH-17: The Untold Story","a":100}]

      100

      Pershing Square Holdings, Ltd. Releases Regular Weekly Net Asset Value