English | Italian

"Here we go again: Viber..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
Easily Recover Viber Calls & Messages from iPhone 6+/6/5S/5C/5/4S/4/3GS
How to Recover Viber Contacts from iPhone from/without iTunes, iCloud Backup
How to install viber on PC
C3TEK DEMO Viber data summary
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
شرح كيفية استخدام data spire2 (ابوالجدايل)
Continue »
Pop theme

Bibeau,Europe budget,Elizabeth II,Ebola Virus,Carswell,Marysville,Dilma Rousseff,Jeffrey Fowle,Taylor Swift,Zellweger

Related theme

these messenger,apps may,free privacy,users

Here we go again: Viber mobile messenger app leaves user data unencrypted


data viber user

2014-04-24 22:56:47

Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.

According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.

All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.

It's the second cryptographic blunder exposed by UNH researchers in as many weeks - the UNH Cyber Forensics Research & Education Groupdisclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted

    No results related

    Add now

form.

Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp.

In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.

Data can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber.

In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber's servers by anyone who knows the message URL:

The data is stored on Viber's server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did "not receive a response from them."

In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been "resolved."

This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this.

The fact is that an modern online messaging app shouldn't really be "fixing" this sort of blunder - encryption should have been baked in from the start.

And for all that Viber may have "fixed" its apps to exchange data securely now, it hasn't said anything about addressing the insecurities that UNH found in Viber's cloud, where your messages are stored.

The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark.

That includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various mobile operating systems, and on Blackberry and Nokia phones.

With all of this in mind, Viber's claim that "we aren't aware of a single user who has been affected by this" rings very hollow.

After all, the company didn't bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk.

Leaky mobile apps and data privacy

As is becoming all too common with the new breed of mobile messenger apps - including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be an afterthought.

Although both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security.

Viber, founded in 2010, has had a couple other security incidents in the past year.

In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.

And in April 2013, Viber's support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack.

WhatsApp's founder Jan Koum famously said that "respect for your privacy is coded in our DNA," after his company was bought out by Facebook for $19 billion in March.

That's a nice sentiment, but WhatsApp has made repeated cryptographic blunders that left user data vulnerable.

Another rapidly growing messenger app, Snapchat, ignored warnings from security researchers that the app allowed unlimited searches of user phone numbers - a flaw that led to an attacker dumping 4.6 million usernames and phone numbers online after Snapchat dismissed the attack as "theoretical."

When asked to appear voluntarily before a Congressional hearing on data breaches, Snapchat refused to testify, leading one US Senator to say the company was "hiding something."

Which is ironic, since hiding user data from prying eyes doesn't appear to be one of the company's strengths.

Despite promises it made to users that their private messages would "disappear forever," Snapchat has acknowledged that user Snaps aren't deleted right away from their servers or from users' phones.

These popular messenger apps may be free, but at a cost to privacy for their hundreds of millions of users.

View Original Article: sophos.com
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source sophos.com.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Here we go again: Viber..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"c","i":"1884565","t":"Four lessons Ronald Reagan can teach us today","a":1},{"b":"a","i":"1336823","t":"More You, less me","a":2},{"b":"a","i":"1336830","t":"Pakistan welcomes UN's decision of observer status to D-8 group","a":3},{"b":"b","i":"1274949","t":"Kristen Stewart To Take A Break From Acting To Focus On Other Creative Projects","a":4},{"b":"a","i":"1336818","t":"LUHS receives Magnet redesignation for hospital, outpatient clinics","a":5},{"b":"c","i":"1884527","t":"Why McDonald's Will Never Be Great Again","a":6},{"b":"a","i":"1336787","t":"Events around Athens today","a":7},{"b":"b","i":"1274905","t":"Congress slams BJP over controversial piece, asks PM Narendra Modi to clarify","a":8},{"b":"b","i":"1274888","t":"Southampton Football Club is backing a Daily Echo-backed police campaign to encourage youngsters to tackle crime","a":9},{"b":"b","i":"1274895","t":"Entertainment","a":10},{"b":"d","i":"960715","t":"Today's top five things to do in Summit County","a":11},{"b":"d","i":"960719","t":"Roskam ready for state meet at full health","a":12},{"b":"a","i":"1336759","t":"Bypolls to three Delhi assembly seats on November 25","a":13},{"b":"a","i":"1336767","t":"Historical Society Book: Signs Of The Times","a":14},{"b":"c","i":"1884506","t":"Forget Tesla Motors Inc's Tiny Batteries, This Monster Battery Could Be the Future","a":15},{"b":"b","i":"1274866","t":"Adams: Opponents using Cahill allegations in 'opportunistic way'","a":16},{"b":"c","i":"1884509","t":"The Compelling Story of Katy Perry's Path to Stardom","a":17},{"b":"a","i":"1336739","t":"The Wars Rand Paul Would Fight","a":18},{"b":"b","i":"1274848","t":"Save the Date: Farmers market, music and drama","a":19},{"b":"b","i":"1274849","t":"Centre gives nod to defence projects worth Rs 80,000 crore","a":20},{"b":"b","i":"1274825","t":"Model train show aims to impress","a":21},{"b":"b","i":"1274828","t":"Iran hangs woman convicted of killing alleged rapist","a":22},{"b":"b","i":"1274804","t":"Breaking newsMurder victim named by police","a":23},{"b":"d","i":"960626","t":"North Lake sport briefs: South Shore Rollers' bout to benefit 'Reins of Life'","a":24},{"b":"d","i":"960629","t":"DeRozan sheds losing seasons, shows an underdog's hunger","a":25},{"b":"c","i":"1884452","t":"Horoscopes for Saturday, October 25, 2014","a":26},{"b":"b","i":"1274781","t":"RSS distances from controversial article","a":27},{"b":"b","i":"1274774","t":"Pollution from Eruption across Most of Iceland Today","a":28},{"b":"a","i":"1336657","t":"Williams fights back to defeat Wozniacki in WTA semi-final thriller","a":29},{"b":"a","i":"1336662","t":"Bonfire display brings in entry charge for first time in 30-year history","a":30},{"b":"b","i":"1274715","t":"Auditor general releases pension plan audits for municipalities","a":31},{"b":"b","i":"1274728","t":"Olly set to make more changes than Ole","a":32},{"b":"a","i":"1336601","t":"TN govt hikes milk prices by Rs 10 a litre","a":33},{"b":"b","i":"1274712","t":"More like this story","a":34},{"b":"a","i":"1336585","t":"Other stories from today:","a":35},{"b":"a","i":"1336593","t":"NHL Scores: Avalanche offense has breakout game; Jonathan Drouin shines","a":36},{"b":"b","i":"1274691","t":"Watch: John Prescott says North regions must unite to be 'battering ram for change'","a":37},{"b":"a","i":"1336575","t":"Social Security announces 1.7 percent benefit increase for 2015","a":38},{"b":"d","i":"960529","t":"Suspect in 2 deputy deaths captured after manhunt","a":39},{"b":"b","i":"1274652","t":"Free And Cheap London Events: 27 October-2 November 2014","a":40},{"b":"b","i":"1274670","t":"Viner letter: Reader: Hyperbolic rhetoric improperly conflates history, politics","a":41},{"b":"a","i":"1336547","t":"College Football Rankings 2014: Final NCAA Overview of Week 9 Standings | Bleacher Report","a":42},{"b":"b","i":"1274675","t":"Home Ministry to send advisories to states on racial attacks | Business Standard News","a":43},{"b":"c","i":"1884411","t":"Horoscopes for Saturday, October 25, 2014","a":44},{"b":"c","i":"1884397","t":"'One-man crime spree' kills 2 sheriff's deputies, police say","a":45},{"b":"a","i":"1336532","t":"Today in History, October 25th","a":46},{"b":"a","i":"1336533","t":"Deutsche Bank lawyer found dead in apparent NY suicide, Wall Street Journal reports","a":47},{"b":"a","i":"1336539","t":"Today in History","a":48},{"b":"d","i":"960464","t":"BJP Government Openly Aiding Colombo, Alleges MDMK Chief Vaiko","a":49},{"b":"d","i":"960465","t":"Jammu and Kashmir, Jharkhand Elections to be Held in Five Phases from November 25","a":50},{"b":"d","i":"960467","t":"PM Modi Clicks Picture of BJP Photographer","a":51},{"b":"b","i":"1274622","t":"250 migrants on way to Malta","a":52},{"b":"b","i":"1274636","t":"Man trapped in overturned car after two-vehicle crash in Takeley","a":53},{"b":"a","i":"1336528","t":"Simon Dyson begins China task","a":54},{"b":"b","i":"1274601","t":"New Maharashtra govt likely next week","a":55},{"b":"b","i":"1274603","t":"Advance polls today in Charlottetown, Summerside, Stratford, Cornwall - Local - The Guardian","a":56},{"b":"b","i":"1274605","t":"Five-phase polls in J-K, Jharkhand from Nov 25 to Dec 20","a":57},{"b":"b","i":"1274607","t":"Uruguay election: How will next president stack up against President Mujica?","a":58},{"b":"a","i":"1336473","t":"Rep. Candice Miller tours northern Macomb businesses","a":59},{"b":"a","i":"1336480","t":"Upcoming Episode of Innovations with Ed Begley, Jr. to Feature Limbkeepers®","a":60},{"b":"d","i":"960421","t":"New Maharashtra government likely to be sworn in next week","a":61},{"b":"d","i":"960438","t":"Maharashtra governor Vidyasagar Rao directs DGP to appoint STF to probe Dalit killings","a":62},{"b":"c","i":"1884370","t":"My Mother, My Values, My Vote","a":63},{"b":"f","i":"1157880","t":"Royals hold off Giants to take 2-1 series lead","a":64},{"b":"d","i":"960410","t":"Hispanic ministry celebrating 15 years in Jefferson City","a":65},{"b":"b","i":"1274563","t":"TECH BYTES: You buy it, you own it. But what if you leased it?","a":66},{"b":"b","i":"1274566","t":"Bruton begins trade mission to US","a":67},{"b":"b","i":"1274495","t":"Religion Today","a":68},{"b":"b","i":"1274500","t":"Health Worker Quarantined in New Jersey Tests Negative for Ebola","a":69},{"b":"b","i":"1274486","t":"West Africa: Paul G. Allen Increases Commitment to Fight Ebola to $100 Million","a":70},{"b":"a","i":"1336432","t":"Pele on Pahoa\u2019s doorstep","a":71},{"b":"a","i":"1336427","t":"Twilight Star Kristen Stewart Takes Acting Break for 'Creative Endeavours'","a":72},{"b":"a","i":"1336404","t":"PM Narendra Modi, senior BJP leaders to attend Manohar Lal Khattar's swearing-in","a":73},{"b":"a","i":"1336408","t":"Gadkari meets RSS chief; says no discussion on Maharashtra politics | Business Standard News","a":74},{"b":"c","i":"1884286","t":"Italians Rally in Rome to Protest Renzi\u2019s Labor Rules Overhaul","a":75},{"b":"a","i":"1336380","t":"SENATORS: Obama Administration is intentionally misleading Americans on proposed water rule","a":76},{"b":"d","i":"960304","t":"HK Aug volume of total exports of goods up 5.2%","a":77},{"b":"d","i":"960281","t":"Japan's mine sweepers, UAE Navy to conduct joint drill","a":78},{"b":"d","i":"960263","t":"Yakima to address mill site potential, winter shelters","a":79},{"b":"d","i":"960271","t":"'Rusch to Glory' tells story of the 'Queen of Pain'","a":80},{"b":"d","i":"960255","t":"Today in New York History: Oct. 25","a":81},{"b":"a","i":"1336338","t":"Astrological Forecasts for 10\/25\/2014","a":82},{"b":"a","i":"1336340","t":"TN govt hikes milk prices by Rs 10 a litre","a":83},{"b":"a","i":"1336303","t":"Football Ferns captain earns her 100th cap","a":84},{"b":"d","i":"960187","t":"Saturday Morning STORMTracker Forecast","a":85},{"b":"a","i":"1336293","t":"Henry McLeish says Lamont faced constant sniping from Labour MPs","a":86},{"b":"a","i":"1336295","t":"Workington Reds face injury crisis","a":87},{"b":"d","i":"960136","t":"Stoke City: Could fate conspire against Geoff Cameron again?","a":88},{"b":"d","i":"960122","t":"It is a decade today since BBC broadcaster John Peel died. His widow Sheila Ravenscroft talks about their life ...","a":89},{"b":"g","i":"35555","t":"Grandhoard comes up with various accessories for cellphones and automotives","a":90},{"b":"d","i":"960115","t":"Global talent pool to be given institutional shape","a":91},{"b":"c","i":"1884176","t":"Suspect in 2 deputy deaths captured after manhunt","a":92},{"b":"c","i":"1884166","t":"Suspect in 2 deputy deaths captured after manhunt","a":93},{"b":"d","i":"960082","t":"Poriborton in West Bengal brings a 'change' in the terror nodules too!","a":94},{"b":"c","i":"1884156","t":"Suspect in 2 Deputy Deaths Captured After Manhunt","a":95},{"b":"c","i":"1884137","t":"Lauren Hill, Mt. St. Joseph player with brain tumor, to play in moved-up season opener","a":96},{"b":"f","i":"1157719","t":"Witham Town all set for FA Cup Fourth Round Qualifying tie against Weston-super-Mare today","a":97},{"b":"g","i":"35528","t":"Best Vapor Cigarette Brands","a":98},{"b":"d","i":"959957","t":"\u00e2Diwali milan\u00e2: PM Narendra Modi addresses journalists","a":99},{"b":"d","i":"959965","t":"PM Modi Praises Media's Role in 'Clean India' Campaign: Highlights","a":100}]

      100

      Four lessons Ronald Reagan can teach us today