English | Italian

"Here we go again: Viber..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
Easily Recover Viber Calls & Messages from iPhone 6+/6/5S/5C/5/4S/4/3GS
How to Recover Viber Contacts from iPhone from/without iTunes, iCloud Backup
How to install viber on PC
C3TEK DEMO Viber data summary
LibreSSL, Linux Foundation, Play Store refunds and Viber shabbiness - 60 Sec Security
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
Continue »
Pop theme

John Cantlie,Republican Party,Ebola Virus,Fireworks Stafford,Burkina Faso,Ukraine gas,David Cameron,Andy Murray,Peshmerga,Marvel Comics

Related theme

these messenger,apps may,free privacy,users

Here we go again: Viber mobile messenger app leaves user data unencrypted


data viber user

2014-04-24 22:56:47

Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.

According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.

All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.

It's the second cryptographic blunder exposed by UNH researchers in as many weeks - the UNH Cyber Forensics Research & Education Groupdisclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted

    No results related

    Add now

form.

Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp.

In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.

Data can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber.

In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber's servers by anyone who knows the message URL:

The data is stored on Viber's server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did "not receive a response from them."

In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been "resolved."

This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this.

The fact is that an modern online messaging app shouldn't really be "fixing" this sort of blunder - encryption should have been baked in from the start.

And for all that Viber may have "fixed" its apps to exchange data securely now, it hasn't said anything about addressing the insecurities that UNH found in Viber's cloud, where your messages are stored.

The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark.

That includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various mobile operating systems, and on Blackberry and Nokia phones.

With all of this in mind, Viber's claim that "we aren't aware of a single user who has been affected by this" rings very hollow.

After all, the company didn't bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk.

Leaky mobile apps and data privacy

As is becoming all too common with the new breed of mobile messenger apps - including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be an afterthought.

Although both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security.

Viber, founded in 2010, has had a couple other security incidents in the past year.

In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.

And in April 2013, Viber's support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack.

WhatsApp's founder Jan Koum famously said that "respect for your privacy is coded in our DNA," after his company was bought out by Facebook for $19 billion in March.

That's a nice sentiment, but WhatsApp has made repeated cryptographic blunders that left user data vulnerable.

Another rapidly growing messenger app, Snapchat, ignored warnings from security researchers that the app allowed unlimited searches of user phone numbers - a flaw that led to an attacker dumping 4.6 million usernames and phone numbers online after Snapchat dismissed the attack as "theoretical."

When asked to appear voluntarily before a Congressional hearing on data breaches, Snapchat refused to testify, leading one US Senator to say the company was "hiding something."

Which is ironic, since hiding user data from prying eyes doesn't appear to be one of the company's strengths.

Despite promises it made to users that their private messages would "disappear forever," Snapchat has acknowledged that user Snaps aren't deleted right away from their servers or from users' phones.

These popular messenger apps may be free, but at a cost to privacy for their hundreds of millions of users.

View Original Article: sophos.com
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source sophos.com.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Here we go again: Viber..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"g","i":"41158","t":"Mommies Go Nuts Over New Design Stroller Organizer","a":1},{"b":"d","i":"977874","t":"Photos: Climbing center","a":2},{"b":"a","i":"1362867","t":"Upper Dublin Horse Company to hold event at First Presbyterian Church of Ambler","a":3},{"b":"a","i":"1362848","t":"A 'hard,' deadly day for space tourism | National News - WLWT Home","a":4},{"b":"b","i":"1299569","t":"VIDEO: Pearl S. Buck International hosts naturalization ceremonies for 48 new American citizens","a":5},{"b":"a","i":"1362830","t":"Maine nurse won't submit to Ebola quarantine, lawyer says","a":6},{"b":"b","i":"1299542","t":"Strong Q3 show from Bakkafrost","a":7},{"b":"b","i":"1299533","t":"SUSE Cranks Enterprise Linux to 12","a":8},{"b":"b","i":"1299537","t":"Massachusetts, New Hampshire election coverage","a":9},{"b":"b","i":"1299518","t":"NMSU FOOTBALL: Five keys to beat the Bobcats","a":10},{"b":"a","i":"1362758","t":"Key weighs sending Kiwi medics to help with Ebola crisis","a":11},{"b":"a","i":"1362739","t":"Montco officials monitoring West Africa travelers for Ebola","a":12},{"b":"c","i":"1897244","t":"The Coming November Wars","a":13},{"b":"a","i":"1362727","t":"PM Narendra Modi greets Karnataka on state formation day","a":14},{"b":"f","i":"1175097","t":"Frights and sights 2014 Halloween parties","a":15},{"b":"f","i":"1175116","t":"Taco Bell unveils mobile app for ordering","a":16},{"b":"b","i":"1299463","t":"U.S. Secretary of Commerce Penny Pritzker Announces Next Phase of Investing in Manufacturing Communities Partnership Initiative","a":17},{"b":"a","i":"1362715","t":"Mexico frees jailed U.S. Marine reservist | National News - WGAL Home","a":18},{"b":"a","i":"1362719","t":"Family 'overjoyed' U.S. Marine reservist freed from Mexican prison","a":19},{"b":"b","i":"1299500","t":"Development picks up as region's industrial market gets even hotter\r\nReal Estate","a":20},{"b":"b","i":"1299502","t":"The Tannery sold to Madison-based real estate firm","a":21},{"b":"b","i":"1299508","t":"Nik Wallenda Is Ready for His Chicago Tightrope Walk","a":22},{"b":"b","i":"1299446","t":"Connecticut Junk Hunters Find Human Skulls In Deceased Man\u2019s Home","a":23},{"b":"b","i":"1299449","t":"The Institutes for the Achievement of Human Potential Launches The Pathway to Wellness: A New Online Community for Parents of Children with Special Needs","a":24},{"b":"a","i":"1362674","t":"U.S. Census Bureau Daily Feature for November 1","a":25},{"b":"a","i":"1362676","t":"These Gun Control Ads Will Actually Be The Scariest Thing You See Today","a":26},{"b":"b","i":"1299422","t":"Resolute Forest Products Reports Preliminary Third Quarter 2014 Results","a":27},{"b":"f","i":"1175052","t":"Hornets expect physical contest","a":28},{"b":"f","i":"1175056","t":"Today in History","a":29},{"b":"d","i":"977834","t":"Panorama Festival 2014","a":30},{"b":"f","i":"1175087","t":"Space Tourism Isn't Worth Dying For","a":31},{"b":"c","i":"1897200","t":"Shep Smith to PA Police Officials: Don\u2019t You Kind of Wish Eric Frein Had Resisted?","a":32},{"b":"b","i":"1299416","t":"Navarro, Muguruza into WTA Sofia semis","a":33},{"b":"f","i":"1175061","t":"Green Dream, or Crimson Title: Game Could Decide Ivy Crown","a":34},{"b":"f","i":"1175063","t":"Sergey Kovalev Deerfield Beach Media Workout Quotes","a":35},{"b":"b","i":"1299393","t":"Green Market opens in Royal Palm Beach","a":36},{"b":"f","i":"1175064","t":"LIVE! Bangalore is officially Bengaluru from today","a":37},{"b":"f","i":"1175092","t":"Virgin Galactic's commercial spacecraft crashes, kills co-pilot","a":38},{"b":"e","i":"535356","t":"Leaked FCC Report Details Weak \"Hybrid\" Plans For Net Neutrality","a":39},{"b":"b","i":"1299357","t":"U.S. Deputy Commerce Secretary Bruce Andrews Delivers Closing Remarks at First-Ever Investing In Manufacturing Communities Partnership Summit","a":40},{"b":"b","i":"1299363","t":"San Diego Economic Indicators Point Up","a":41},{"b":"a","i":"1362569","t":"The Inquirer and Mirror","a":42},{"b":"a","i":"1362571","t":"Huawei to Invest $500 Million into Ontario over next 5 years","a":43},{"b":"b","i":"1299366","t":"Fox elected as new co-leader","a":44},{"b":"f","i":"1175010","t":"Santa Visiting VHS for Pet Pictures this Weekend","a":45},{"b":"b","i":"1299368","t":"Narendra Modi should have gone to pay tribute to Indira Gandhi: ND Tiwari","a":46},{"b":"f","i":"1174954","t":"Green Dream, or Crimson Title: Game Could Decide Ivy Crown","a":47},{"b":"f","i":"1174958","t":"Section 8 transfer not so smooth","a":48},{"b":"b","i":"1299323","t":"China's Orient Paper Temporarily Suspends Production Due to Government Mandate","a":49},{"b":"b","i":"1299327","t":"Fireworks blaze search to resume","a":50},{"b":"a","i":"1362556","t":"Mystery Witness at the Jodi Arias Trial","a":51},{"b":"b","i":"1299303","t":"Orchids Paper Products Posts Record Third Quarter 2014 Results on Improved Sales","a":52},{"b":"b","i":"1299295","t":"Theater Group Presents 'Dearly Departed'","a":53},{"b":"a","i":"1362476","t":"Nita Ambani to celebrate birthday in Modi\u2019s Varanasi","a":54},{"b":"a","i":"1362489","t":"Will broad family tax relief equal votes? - Revelstoke Times Review","a":55},{"b":"b","i":"1299277","t":"Castle Hills resident turns home into haunted castle","a":56},{"b":"b","i":"1299275","t":"November 1, 2014","a":57},{"b":"b","i":"1299246","t":"Prices Soar For Some Generic Drugs — Why?","a":58},{"b":"b","i":"1299251","t":"Today's Clickers","a":59},{"b":"a","i":"1362404","t":"Theater Group Presents 'Dearly Departed'","a":60},{"b":"a","i":"1362407","t":"Featured Brokers","a":61},{"b":"f","i":"1175030","t":"OPINION: Halloween is your chance to act like a kid again","a":62},{"b":"b","i":"1299226","t":"GBH Announces Selection to INSIDE Public Accounting's Best of the Best Firms List for 2014","a":63},{"b":"a","i":"1362379","t":"WWE Comments on Current Lawsuits, Says Billy Jack Haynes Claims Are Without Merit","a":64},{"b":"b","i":"1299238","t":"Tabbug Bridge opens today","a":65},{"b":"b","i":"1299181","t":"Things to watch","a":66},{"b":"c","i":"1897069","t":"Harry Reid Pleads to Democrat Supporters: 'I'm Begging You'","a":67},{"b":"b","i":"1299171","t":"Statement by NSC Spokesperson Bernadette Meehan on Deputy National Security Advisor for Strategic Communications Benjamin Rhodes\u2019 Meeting with Yezidi Leaders | The White House","a":68},{"b":"f","i":"1174796","t":"Kim Kardashian Dresses North in Skunk Costume; See How the Today Show Celebrated Halloween: Top 5 Stories","a":69},{"b":"f","i":"1174798","t":"History: Nov. 1, 2014","a":70},{"b":"c","i":"1897043","t":"stltoday.com","a":71},{"b":"f","i":"1174800","t":"Shep Smith to PA Police Officials: Don't You Kind of Wish Eric Frein Had Resisted?","a":72},{"b":"a","i":"1362348","t":"MISSING VULNERABLE ADULT ALERT: 93-year-old man with dementia missing","a":73},{"b":"a","i":"1362326","t":"Ann Romney Plans Loudoun Stop To Support GOP Ticket","a":74},{"b":"a","i":"1362327","t":"Armed Robber Hits CountrySide Bank","a":75},{"b":"f","i":"1174892","t":"Halloween in Tweets: The Pros get spooky","a":76},{"b":"a","i":"1362309","t":"Spaceship Explodes: One Dead After Virgin Galactic Craft Goes Down Mid-flight","a":77},{"b":"a","i":"1362311","t":"Swimming & Diving","a":78},{"b":"a","i":"1362321","t":"Fireworks blaze search to resume","a":79},{"b":"c","i":"1897024","t":"Bridgeport\u2019s Black Rock Discovers \u2018Cool\u2019 Side","a":80},{"b":"f","i":"1174805","t":"'Gades to host Santa Barbara in opener today","a":81},{"b":"f","i":"1174807","t":"FedEx Freight Workers In New Jersey Vote To Join Teamsters Local 701","a":82},{"b":"f","i":"1174921","t":"Eric Frein: What we learned today about his manhunt and capture","a":83},{"b":"e","i":"535317","t":"Is a Santa Claus Rally Ahead, or Yet Another Bust?","a":84},{"b":"a","i":"1362252","t":"Top-rated reviews of the week (pictures)","a":85},{"b":"f","i":"1174690","t":"Roundabout Nov. 1","a":86},{"b":"f","i":"1174698","t":"Trending Halloween Buzz","a":87},{"b":"a","i":"1362231","t":"Jose ‘happy where we are’","a":88},{"b":"c","i":"1896977","t":"Deadly day for space tourism -- but future 'rests' on such days, official says","a":89},{"b":"a","i":"1362223","t":"Human Longevity, Inc. Hires Industry Experts Barry Merriman, Ph.D., and Paul Mola, M.S. to Lead New Global Solutions Initiative","a":90},{"b":"a","i":"1362198","t":"Canyon set for winning start over flights","a":91},{"b":"a","i":"1362216","t":"WAYNE Water Systems Awards This Old House Fans with Sump Pumps in \u201cThis Old House Great TOH Giveaway Sweepstakes\u201d","a":92},{"b":"d","i":"977715","t":"Read the messages of thanks from the wives of three slain Mounties","a":93},{"b":"c","i":"1896958","t":"Starbucks Franken Frappuccino: $3 after 2 p.m.","a":94},{"b":"a","i":"1362157","t":"Coalition braced for protests over water charges","a":95},{"b":"c","i":"1896922","t":"Bad News for Amazon: Google Play Movies and TV Are Now on Roku","a":96},{"b":"c","i":"1896921","t":"Virgin Galactic vows to continue space program after 'serious anomaly'","a":97},{"b":"c","i":"1896910","t":"stltoday.com","a":98},{"b":"f","i":"1174668","t":"10 Things to Know for Today","a":99},{"b":"d","i":"977542","t":"Truth is hard but residential school reconciliation harder: Murray Sinclair","a":100}]

      100

      Mommies Go Nuts Over New Design Stroller Organizer