English | Italian

"Here we go again: Viber..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
How to install viber on PC
C3TEK DEMO Viber data summary
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
LEAP 2013 : Accelerating Extraordinary User Experiences on Mobile Devices
Android Video Calling, location data debacle & Android freebies
2.11 Using Your Data to Make Informed Decisions.mp4
Continue »
Pop theme

Ebola usa,Hong Kong protesters,Royal Air Force,Tamil Nadu,PIMCO,Ahmadzai,Michael Phelps,Alan Pardew,windows 10,Taliban

Related theme

these messenger,apps may,free privacy,users

Here we go again: Viber mobile messenger app leaves user data unencrypted


data viber user

2014-04-24 22:56:47

Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.

According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.

All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.

It's the second cryptographic blunder exposed by UNH researchers in as many weeks - the UNH Cyber Forensics Research & Education Groupdisclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted

form.

Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp.

In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.

Data can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber.

In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber's servers by anyone who knows the message URL:

The data is stored on Viber's server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did "not receive a response from them."

In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been "resolved."

This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this.

The fact is that an modern online messaging app shouldn't really be "fixing" this sort of blunder - encryption should have been baked in from the start.

And for all that Viber may have "fixed" its apps to exchange data securely now, it hasn't said anything about addressing the insecurities that UNH found in Viber's cloud, where your messages are stored.

The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark.

That includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various mobile operating systems, and on Blackberry and Nokia phones.

With all of this in mind, Viber's claim that "we aren't aware of a single user who has been affected by this" rings very hollow.

After all, the company didn't bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk.

Leaky mobile apps and data privacy

As is becoming all too common with the new breed of mobile messenger apps - including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be an afterthought.

Although both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security.

Viber, founded in 2010, has had a couple other security incidents in the past year.

In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.

And in April 2013, Viber's support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack.

WhatsApp's founder Jan Koum famously said that "respect for your privacy is coded in our DNA," after his company was bought out by Facebook for $19 billion in March.

That's a nice sentiment, but WhatsApp has made repeated cryptographic blunders that left user data vulnerable.

Another rapidly growing messenger app, Snapchat, ignored warnings from security researchers that the app allowed unlimited searches of user phone numbers - a flaw that led to an attacker dumping 4.6 million usernames and phone numbers online after Snapchat dismissed the attack as "theoretical."

When asked to appear voluntarily before a Congressional hearing on data breaches, Snapchat refused to testify, leading one US Senator to say the company was "hiding something."

Which is ironic, since hiding user data from prying eyes doesn't appear to be one of the company's strengths.

Despite promises it made to users that their private messages would "disappear forever," Snapchat has acknowledged that user Snaps aren't deleted right away from their servers or from users' phones.

These popular messenger apps may be free, but at a cost to privacy for their hundreds of millions of users.

View Original Article: sophos.com
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source sophos.com.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Here we go again: Viber..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"d","i":"897694","t":"CBS Outdoor Closes Acquisition of Outdoor Assets from Van Wagner Communications, LLC","a":1},{"b":"d","i":"897703","t":"Franchise Services of North America Announces Financial Results for the Quarter Ended June 30, 2014","a":2},{"b":"d","i":"897706","t":"Reed Construction Data Echoes Roots with Name Change to CMD","a":3},{"b":"a","i":"1273908","t":"Breaking News - FX Networks Orders Comedy Pilot \"Pariah\" | TheFutonCritic.com","a":4},{"b":"a","i":"1273919","t":"Surge Pricing Is Coming for Your Meal Deliveries Next","a":5},{"b":"a","i":"1273921","t":"Media Stocks Swoon As Wall Street Frets Over Factory Activity And Ebola","a":6},{"b":"a","i":"1273875","t":"Why Esperion Therapeutics (ESPR) Stock Is Soaring in After-Hours Trading Today","a":7},{"b":"a","i":"1273876","t":"Welcome to the Thursday, October 2 news snapshot","a":8},{"b":"a","i":"1273884","t":"US Secret Service head resigns over security breaches","a":9},{"b":"a","i":"1273886","t":"US Secret Service director resigns over security breaches","a":10},{"b":"c","i":"1840402","t":"Verizon Wireless caves to FCC pressure, says it won\u2019t throttle 4G users","a":11},{"b":"a","i":"1273858","t":"11-Year-Old Girl Slays Dance to Nicki Minaj's 'Anaconda'","a":12},{"b":"a","i":"1273845","t":"GameReady® Releases Innovative Wrap for Treatment of Injuries to the Spine, Neck, and Chest","a":13},{"b":"a","i":"1273849","t":"US Secret Service chief resigns - Yahoo!7","a":14},{"b":"d","i":"897629","t":"Australian universities rise in world rankings but report questions proposed tertiary education reforms","a":15},{"b":"c","i":"1840372","t":"Is it Time to Buy Mellanox Technologies?","a":16},{"b":"e","i":"512890","t":"Bank of America CEO Moynihan Named Chairman, Succeeding Holliday","a":17},{"b":"e","i":"512893","t":"Hagel Orders Plans to Improve Military Hospital Care","a":18},{"b":"a","i":"1273792","t":"Top Model (aka L'attrazione) : DVD Talk Review of the DVD Video","a":19},{"b":"d","i":"897569","t":"Formally takes office as a judge","a":20},{"b":"a","i":"1273766","t":"Post Holdings Completes Acquisition of PowerBar and Musashi Brands - Yahoo Finance New Zealand","a":21},{"b":"a","i":"1273767","t":"Allegiant Travel Company Announces the Resignation of Andrew Levy President and Chief Operating Officer","a":22},{"b":"a","i":"1273772","t":"Darling Ingredients Inc. -- Bakery Feeds Group Announces Custom Blenders Acquisition - Yahoo Finance Canada","a":23},{"b":"a","i":"1273774","t":"Phanteks Enthoo Luxe Review","a":24},{"b":"a","i":"1273776","t":"Distribution Dates and Amounts Announced for Certain BlackRock Closed-End Funds - Yahoo Finance UK","a":25},{"b":"a","i":"1273777","t":"Cellular Dynamics to Present at 2014 Stem Cell Meeting on the Mesa - Yahoo7 Finance Australia","a":26},{"b":"a","i":"1273778","t":"Declaration of Regular and Special Distributions Announced for BlackRock Equity Option Closed-End Funds - Yahoo Finance UK","a":27},{"b":"a","i":"1273779","t":"Kaiser Aluminum Announces Third Quarter 2014 Earnings Release and Conference Call - Yahoo Finance New Zealand","a":28},{"b":"d","i":"897510","t":"U.K.'s Hill Faces Second Grilling by EU Parliament Panel","a":29},{"b":"a","i":"1273739","t":"Breaking News - Electus International Unveils Slate for MIPCOM 2014 | TheFutonCritic.com","a":30},{"b":"a","i":"1273742","t":"MURPHY OIL CORPORATION ANNOUNCES REGULAR DIVIDEND, OPERATIONS UPDATE AND EXECUTIVE MANAGEMENT SUCCESSION - Yahoo Finance UK","a":31},{"b":"a","i":"1273744","t":"Agrium Provides Update on Second Half 2014 - Yahoo Finance UK","a":32},{"b":"a","i":"1273747","t":"Guggenheim Investments Announces October 2014 Closed-End Fund Distributions - Yahoo India Finance","a":33},{"b":"a","i":"1273750","t":"Pfenex to Present at 13th Annual BIO Investor Forum\r\n\t\t\t\t\t\t\t\t\t\t\t- BIO Investor Forum to be held October 7-8 in San Francisco -","a":34},{"b":"a","i":"1273752","t":"Global Power Equipment Group Announces New Headquarters and Manufacturing Location for Hetsco - Yahoo Finance New Zealand","a":35},{"b":"c","i":"1840334","t":"Statement by Secretary Johnson about the US Secret Service | Fox News","a":36},{"b":"f","i":"1104016","t":"During Times Like This, Advisors Should Call Their Most Anxious Clients","a":37},{"b":"f","i":"1104021","t":"Stock Market Today: Stocks Dive With Utilities the Only Winning Sector","a":38},{"b":"d","i":"897483","t":"Court: Democrats don't have to run Senate candidate in Kansas","a":39},{"b":"d","i":"897466","t":"Solarrus Expands Solar Asset Management Offering with MaxGen Acquisition","a":40},{"b":"d","i":"897469","t":"The Oddest App Revenue Success Story of 2014?","a":41},{"b":"d","i":"897478","t":"Direct Flow Medical\u00ae, Inc. Receives CE Mark for an Enhanced and Simple to Use Transfemoral Aortic Heart Valve Delivery ...","a":42},{"b":"d","i":"897480","t":"Portola Pharmaceuticals Announces Proposed Offering of Common Stock","a":43},{"b":"d","i":"897482","t":"Ready for the ultimate challenge","a":44},{"b":"d","i":"897486","t":"Tesoro Corporation to Release Third Quarter Earnings","a":45},{"b":"c","i":"1840315","t":"Kaepernick: Alex Smith’s class kept locker room strong in 2012","a":46},{"b":"a","i":"1273719","t":"Credit Suisse Names Hermer to Lead ECM as Reece Departs","a":47},{"b":"a","i":"1273710","t":"Formally takes office as a judge","a":48},{"b":"d","i":"897452","t":"Aina Khan releases Muslim Marriage Project Survey","a":49},{"b":"a","i":"1273687","t":"Clearwater Whole Foods taps growing ‘natural’ market","a":50},{"b":"a","i":"1273696","t":"Darling Ingredients Inc. -- Bakery Feeds Group Announces Custom Blenders Acquisition","a":51},{"b":"c","i":"1840310","t":"US appeals court OKs evidence from no-warrant GPS","a":52},{"b":"d","i":"897440","t":"Computer Guidance Corporation\u2019s Parent Company Creates New Global Branding as JDM Technology Group","a":53},{"b":"d","i":"897447","t":"American Beacon Advisors Launches American Beacon Crescent Short Duration High Income Fund","a":54},{"b":"d","i":"897449","t":"The Applied DNA Sciences Story Reaches Millions on Gizmodo.com","a":55},{"b":"a","i":"1273669","t":"Launch of ACE 2.0: New Calculator Quantifies Value of Manufacturing in America","a":56},{"b":"c","i":"1840295","t":"Cotswold zookeeper rears leopard in bathroom","a":57},{"b":"f","i":"1103995","t":"Borrowed Bucks Uses Building to Spread Breast Cancer Awareness","a":58},{"b":"d","i":"897434","t":"Australian PM not in favor of \u201cburqa\u201d in parliament","a":59},{"b":"d","i":"897437","t":"Javed Hashmi resigns from PTI's presidentship","a":60},{"b":"f","i":"1104093","t":"Ex-Jefferson, NFL player Caldwell pleads guilty to drug charges","a":61},{"b":"d","i":"897431","t":"Wall Street falls 1% on Ebola fears","a":62},{"b":"f","i":"1104009","t":"Jeff Goldblum Shirtless In GE Commercial, And More Of 'What's Trending Today' With Zahra","a":63},{"b":"c","i":"1840245","t":"A Filmmaker Describes The Crazy Process Of Casting Bill Murray In A Movie","a":64},{"b":"b","i":"1213341","t":"Next Trend: DesignHive By Brookfield Launches; An Innovative Collection Of Spec Suites Showcasing The Future Of High-Rise Office Environments As Envisioned By Six Leading Los Angeles Architects - Yahoo Finance Canada","a":65},{"b":"b","i":"1213342","t":"First Defiance Financial Corp. to Release Third Quarter Earnings on October 20 and Host Conference Call and Webcast on October 21 - Yahoo Finance Canada","a":66},{"b":"b","i":"1213345","t":"Essex Credit Corporation Merges with Bank of the West","a":67},{"b":"b","i":"1213319","t":"Grassley campaigns for his former chief of staff","a":68},{"b":"b","i":"1213320","t":"Sturridge decision for Hodgson","a":69},{"b":"b","i":"1213322","t":"Secret Service director resigns","a":70},{"b":"d","i":"897389","t":"1,000 cultural and sports activities ready for holiday","a":71},{"b":"d","i":"897391","t":"Saturday to see record border crossings","a":72},{"b":"d","i":"897392","t":"Nice holiday weather, mosquito bite warning","a":73},{"b":"f","i":"1103957","t":"D2 tennis postseason begins today","a":74},{"b":"b","i":"1213310","t":"Candidates discuss taxes, cooperation","a":75},{"b":"c","i":"1840214","t":"Secret Service director resigns | Fox News","a":76},{"b":"b","i":"1213256","t":"Frenchtown Council has full agenda, but PennEast pipeline employees won't be there","a":77},{"b":"b","i":"1213258","t":"The Wilson Building Has Natitude Again, Will Go Red For Team's Playoff Run","a":78},{"b":"b","i":"1213262","t":"Nutter Signs Pot Decriminalization Bill Into Law","a":79},{"b":"c","i":"1840188","t":"Head of Secret Service Julia Pierson resigns","a":80},{"b":"b","i":"1213236","t":"Credico USA Continues U.S. Expansion - Yahoo India Finance","a":81},{"b":"c","i":"1840180","t":"Secret Service director Julia Pierson to step down","a":82},{"b":"e","i":"512796","t":"Recipe: Fly Away With This Aviation From Meadowsweet's Stephanie Lempert","a":83},{"b":"b","i":"1213216","t":"Eric Schneiderman Announces William Scarborough Indictment | New York Observer","a":84},{"b":"f","i":"1103967","t":"Aaron Hernandez' cellphone the focal point of 'competent' court clash in Fall River","a":85},{"b":"b","i":"1213178","t":"Sturridge decision for Hodgson","a":86},{"b":"b","i":"1213184","t":"Century Club's benefits endure","a":87},{"b":"c","i":"1840143","t":"Snoop Dogg Now Owns Part of Reddit","a":88},{"b":"e","i":"512772","t":"What? Why Is There No Code Name for the ISIS Bombing Campaign? | Mother Jones","a":89},{"b":"e","i":"512773","t":"Happy 90th Birthday Jimmy Carter | Mother Jones","a":90},{"b":"f","i":"1103863","t":"Aaron Hernandez' cellphone the focal point of 'competent' court clash in Fall River","a":91},{"b":"e","i":"512756","t":"The Death of the Blackout Rule, and Why the NFL Fights On | The Nation","a":92},{"b":"b","i":"1213133","t":"Safety warning after inquests into deaths of Megan Roberts and Ben Clarkson in York's rivers","a":93},{"b":"b","i":"1213143","t":"Paper mill celebrates career of longtime employee","a":94},{"b":"c","i":"1840117","t":"Greg Orman holds slight lead over Pat Roberts in new poll","a":95},{"b":"e","i":"512743","t":"Homeland Security Head: 'Core al Qaeda in Afghanistan and Pakistan'","a":96},{"b":"b","i":"1213115","t":"Jindal Holds Meeting on State Preparations to Fight Potential Case of Ebola","a":97},{"b":"b","i":"1213120","t":"FEATURE: Long Beach State's \"Rock\" Lloyd Starts Youth Program","a":98},{"b":"e","i":"512710","t":"Wall Street Tackles Chat Services, Shies Away From Diversity Issues","a":99},{"b":"e","i":"512719","t":"Don\u2019t Expect Hong Kong\u2019s Protests to Spread to the Mainland","a":100}]

      100

      CBS Outdoor Closes Acquisition of Outdoor Assets from Van Wagner Communications, LLC