English | Italian

"Here we go again: Viber..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
How to install viber on PC
C3TEK DEMO Viber data summary
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
Introducing Viber Desktop Viber for Windows video
Viber Unveils Desktop App
Couchbase Highlight Video Viber Replaces MongoDB with Couchbase 21 29
Continue »
Pop theme

Scottish independence,Gordon Brown,John Key,Taliban,Afghan election,Larry Ellison,Alan Pardew,Pennsylvania State Police,Alan Pardew,LABOUR CONFERENCE

Related theme

these messenger,apps may,free privacy,users

Here we go again: Viber mobile messenger app leaves user data unencrypted


data viber user

2014-04-24 22:56:47

Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.

According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.

All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.

It's the second cryptographic blunder exposed by UNH researchers in as many weeks - the UNH Cyber Forensics Research & Education Groupdisclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted

    No results related

    Add now

form.

Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp.

In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.

Data can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber.

In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber's servers by anyone who knows the message URL:

The data is stored on Viber's server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did "not receive a response from them."

In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been "resolved."

This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this.

The fact is that an modern online messaging app shouldn't really be "fixing" this sort of blunder - encryption should have been baked in from the start.

And for all that Viber may have "fixed" its apps to exchange data securely now, it hasn't said anything about addressing the insecurities that UNH found in Viber's cloud, where your messages are stored.

The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark.

That includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various mobile operating systems, and on Blackberry and Nokia phones.

With all of this in mind, Viber's claim that "we aren't aware of a single user who has been affected by this" rings very hollow.

After all, the company didn't bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk.

Leaky mobile apps and data privacy

As is becoming all too common with the new breed of mobile messenger apps - including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be an afterthought.

Although both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security.

Viber, founded in 2010, has had a couple other security incidents in the past year.

In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.

And in April 2013, Viber's support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack.

WhatsApp's founder Jan Koum famously said that "respect for your privacy is coded in our DNA," after his company was bought out by Facebook for $19 billion in March.

That's a nice sentiment, but WhatsApp has made repeated cryptographic blunders that left user data vulnerable.

Another rapidly growing messenger app, Snapchat, ignored warnings from security researchers that the app allowed unlimited searches of user phone numbers - a flaw that led to an attacker dumping 4.6 million usernames and phone numbers online after Snapchat dismissed the attack as "theoretical."

When asked to appear voluntarily before a Congressional hearing on data breaches, Snapchat refused to testify, leading one US Senator to say the company was "hiding something."

Which is ironic, since hiding user data from prying eyes doesn't appear to be one of the company's strengths.

Despite promises it made to users that their private messages would "disappear forever," Snapchat has acknowledged that user Snaps aren't deleted right away from their servers or from users' phones.

These popular messenger apps may be free, but at a cost to privacy for their hundreds of millions of users.

View Original Article: sophos.com
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source sophos.com.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Here we go again: Viber..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"d","i":"869181","t":"ExpertPages 2014 Survey Reports Expert Witness Hourly Fees Record All-Time Highs as Demand for Qualified Experts Continues to Grow","a":1},{"b":"d","i":"869186","t":"Cheap Wedding Dresses Introduced by PromTrend.com","a":2},{"b":"d","i":"869162","t":"Flood water is gradually receding in Punjab","a":3},{"b":"d","i":"869163","t":"Punjab Chief Minister directs to initiate rehabilitation work","a":4},{"b":"d","i":"869167","t":"Pakistan beat China in Asian Games 2014 hockey event","a":5},{"b":"d","i":"869169","t":"Pakistan should be made self-sufficient in edible oil production","a":6},{"b":"d","i":"869170","t":"Lord Nazir criticizes PM Nawaz's India policy","a":7},{"b":"d","i":"869171","t":"Rulers have failed miserably, government writ invisible: Musharraf","a":8},{"b":"d","i":"869173","t":"India terms Bilawal\u2019s Kashmir statement \u2018far from reality\u2019","a":9},{"b":"d","i":"869174","t":"PIA crew of UK-bound flight briefly refuses to fly in protest","a":10},{"b":"a","i":"1244032","t":"Climate Change March Takes Over London As Thousands Rally In Global Call For Action","a":11},{"b":"a","i":"1244045","t":"Global Carbon Emissions Reach New Record High - Yahoo News Malaysia","a":12},{"b":"a","i":"1244013","t":"Ukraine Today: Russia backs UN draft resolution to combat terrorists (VIDEO)","a":13},{"b":"a","i":"1244017","t":"Slovakia Says Supplies of Russian Gas Still Down One-Quarter","a":14},{"b":"f","i":"1080003","t":"How can we help you today?","a":15},{"b":"d","i":"869157","t":"Elderly man held hostage in Balvanera neighbourhood","a":16},{"b":"d","i":"869158","t":"Russians protest against war in Ukraine","a":17},{"b":"d","i":"869159","t":"Hamilton leads F1 championship after Rosberg retirement","a":18},{"b":"e","i":"505360","t":"Watch Rachel Dratch and Tina Fey Do a Second City Sketch in 1997","a":19},{"b":"a","i":"1243958","t":"NFL scores and results, Week 3","a":20},{"b":"e","i":"505353","t":"Faith Hill Celebrates 47th Birthday | InStyle","a":21},{"b":"c","i":"1821575","t":"Encouraging Climate Action: Try Jam Today","a":22},{"b":"a","i":"1243914","t":"Adventures in Flagstaff bioscience","a":23},{"b":"c","i":"1821566","t":"AM Sacramento: Here’s what you need to know for Sunday","a":24},{"b":"c","i":"1821568","t":"You\u2019ll Never Guess Which Country Has the Most Cows","a":25},{"b":"d","i":"869140","t":"The Curmudgeon on First Fortnight Festivals","a":26},{"b":"f","i":"1079990","t":"Football. ESPN's GameDay is Coming to Our City","a":27},{"b":"a","i":"1243855","t":"SR Geek Picks: Most Batmen in One Place Ever, Top 10 Cartoon Best Friends & More","a":28},{"b":"a","i":"1243860","t":"Say 'No' To Jack Ma's Alibubble","a":29},{"b":"a","i":"1243862","t":"You\u2019ll Never Guess Which Country Has the Most Cows","a":30},{"b":"a","i":"1243807","t":"Smaller receivers find role in modern offenses, and for good reason","a":31},{"b":"a","i":"1243811","t":"Sahara Force India scored 8 points in Singapore","a":32},{"b":"a","i":"1243828","t":"Will Russia Beat America in the Race (Back) to the Moon?","a":33},{"b":"a","i":"1243769","t":"Dubai property boom: New projects worth billions to be unveiled at Cityscape today - Zawya","a":34},{"b":"a","i":"1243781","t":"Goffin Captures Second Title In Metz","a":35},{"b":"e","i":"505328","t":"Blast at Egypt Police Checkpoint in Cairo Kills Officer","a":36},{"b":"c","i":"1821525","t":"Pierce, Rice's replacement, out for Ravens","a":37},{"b":"f","i":"1079971","t":"Terry Bradshaw Won't Appear on Fox Today Following Death of Son-in-Law Rob Bironas","a":38},{"b":"d","i":"869130","t":"In ancient tradition, sumo wrestlers reduce babies to tiny bawling bundles","a":39},{"b":"f","i":"1079911","t":"Kaley Cuoco Sweeting Frustrated She Can't Beat Husband At Tennis","a":40},{"b":"c","i":"1821497","t":"Will Russia Beat America in the Race (Back) to the Moon?","a":41},{"b":"d","i":"869085","t":"Pilots Reflect Assumed Enemy\u2019s Massive Airstrike During Russian Military Drills","a":42},{"b":"d","i":"869045","t":"Indian eves lose to Korea; fetch maiden badminton team bronze","a":43},{"b":"c","i":"1821409","t":"NASA Craft, Nearing Mars, Prepares to Go to Work","a":44},{"b":"f","i":"1079792","t":"Sullivan Street Festival today","a":45},{"b":"c","i":"1821353","t":"People's Climate March To Draw Thousands To Streets Of New York City (WATCH LIVE)","a":46},{"b":"d","i":"869028","t":"China secures two victories in Asiad volleyball","a":47},{"b":"d","i":"869001","t":"Canadians head to U.S. climate protest, call on Harper to attend UN summit","a":48},{"b":"d","i":"869002","t":"Pope denounces 'perverting' religion to justify violence during Albania trip","a":49},{"b":"c","i":"1821317","t":"Mars Maven mission set for arrival","a":50},{"b":"d","i":"868935","t":"St. Rose Shuts Out Southern New Hampshire","a":51},{"b":"d","i":"868938","t":"What happened Saturday, Sept. 20, in college football: Scores and 3 big things","a":52},{"b":"d","i":"868943","t":"Flick: Tim McGraw's good deed, 19 years later","a":53},{"b":"d","i":"868948","t":"Devoted to music","a":54},{"b":"d","i":"868792","t":"Harvesting deserts","a":55},{"b":"d","i":"868797","t":"PTI chief to address rally in Karachi today","a":56},{"b":"d","i":"868725","t":"5 crazy things: Nude rugby player left embarrassed, Dempsey rapping again","a":57},{"b":"d","i":"868736","t":"NATO warns on Ukraine truce as fighters set to pull back","a":58},{"b":"d","i":"868738","t":"Ukraine Today: Russian Foreign Minister slams Council of Europe; Kremlin continues to deny Russian troops presence in ...","a":59},{"b":"d","i":"868707","t":"BJP demands judicial inquiry into Jadavpur University imbroglio and police action","a":60},{"b":"c","i":"1821159","t":"Voices: Beating a child bloody is not 'cultural'","a":61},{"b":"c","i":"1821141","t":"Poverty? Pah. That doesn't REALLY exist any more","a":62},{"b":"c","i":"1821114","t":"Days of Action: Why We Vote","a":63},{"b":"c","i":"1821086","t":"LACMA spotlights '20s German Expressionist films","a":64},{"b":"c","i":"1821067","t":"Blast at Egypt Police Checkpoint in Cairo Kills Officer","a":65},{"b":"c","i":"1820964","t":"Afghan Candidates Agree to Share Power After Disputed Election","a":66},{"b":"c","i":"1820959","t":"UPI Almanac for Sunday, Sept. 21, 2014","a":67},{"b":"c","i":"1820946","t":"Walk to End Alzheimer's sets $1 million fundraising goal","a":68},{"b":"c","i":"1820901","t":"Lew Says Treasury Completing Work on Limiting Inversions Benefit","a":69},{"b":"a","i":"1243715","t":"Today in History","a":70},{"b":"f","i":"1079456","t":"Tim's Takes: 7 things to watch on Sunday","a":71},{"b":"a","i":"1243594","t":"Lovell announces plans for collaboration, investments for MU","a":72},{"b":"a","i":"1243573","t":"Adam Jones hits two homers to lead Orioles to 7-2 win over Red Sox","a":73},{"b":"a","i":"1243577","t":"International congrats for Key government","a":74},{"b":"a","i":"1243556","t":"The Most Improved Free Agents","a":75},{"b":"f","i":"1079412","t":"Lest we forget martial law","a":76},{"b":"f","i":"1079384","t":"College Football Today","a":77},{"b":"c","i":"1820657","t":"Why Does Oktoberfest Start in September?","a":78},{"b":"a","i":"1243487","t":"Dalai Lama slams killings in name of religion","a":79},{"b":"a","i":"1243451","t":"74°(23°C)","a":80},{"b":"a","i":"1243455","t":"Medicaid expansion: 9,000 Randolph residents fall in coverage gap","a":81},{"b":"a","i":"1243432","t":"Commercial Real Estate and Development Conference will focus on major projects\r\nCommercial Real Estate and Development","a":82},{"b":"a","i":"1243394","t":"Filmmakers Look to Virtual Reality and Oculus as the Future of Storytelling","a":83},{"b":"e","i":"505220","t":"Another Cloud Application Monitoring Solution--Ruxit Launches","a":84},{"b":"a","i":"1243298","t":"N.Korean weightlifter breaks world record at Asian Games","a":85},{"b":"a","i":"1243283","t":"Laventille youth enjoy a Toco weekend - Sep 21","a":86},{"b":"a","i":"1243235","t":"Travelife Magazine","a":87},{"b":"f","i":"1079138","t":"College Football Today","a":88},{"b":"a","i":"1243194","t":"Live Coverage Saturday college football","a":89},{"b":"c","i":"1820481","t":"Oculus Rift Crescent Bay hands-on","a":90},{"b":"a","i":"1243176","t":"BizTimes expands team\r\nBiz News","a":91},{"b":"a","i":"1243145","t":"AA Market Move - Price Risen","a":92},{"b":"c","i":"1820410","t":"White House Intruder Had Knife, Claims to Be Iraq Vet","a":93},{"b":"c","i":"1820352","t":"New Zealand election: Re-elected prime minister John Key to meet with minor party leaders","a":94},{"b":"c","i":"1820340","t":"Schnurman: AT&T has an ally in unions","a":95},{"b":"c","i":"1820333","t":"Second White House Incident in Less Than 24 Hours","a":96},{"b":"c","i":"1820317","t":"Second White House Incident in Less Than 24 Hours","a":97},{"b":"c","i":"1820262","t":"Tight end trouble: 49ers promote Sacramento’s Cleveland from practice squad","a":98},{"b":"c","i":"1820261","t":"Tight end trouble: 49ers promote Sacramento’s Cleveland from practice squad","a":99},{"b":"f","i":"1078898","t":"Kim Kardashian West's naked photos leak online?","a":100}]

      100

      ExpertPages 2014 Survey Reports Expert Witness Hourly Fees Record All-Time Highs as Demand for Qualified Experts Continues to Grow