English | Italian

"Here we go again: Viber..." (Theme) The lastest total: 100+. you can read with page flip.

close
show list
related videos
How to Recover Viber Contacts from iPhone from/without iTunes, iCloud Backup
How to install viber on PC
C3TEK DEMO Viber data summary
LibreSSL, Linux Foundation, Play Store refunds and Viber shabbiness - 60 Sec Security
Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted
Introducing Viber Desktop Viber for Windows video
Continue »
Pop theme

Joko Widodo,Ebola vaccine,Bharatiya Janata Party,Oscar Pistorius,Total CEO,Hurricane,Peyton Manning,Zardari,Gough Whitlam,Boko Haram

Related theme

these messenger,apps may,free privacy,users

Here we go again: Viber mobile messenger app leaves user data unencrypted


data viber user

2014-04-24 22:56:47

Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.

According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.

All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.

It's the second cryptographic blunder exposed by UNH researchers in as many weeks - the UNH Cyber Forensics Research & Education Groupdisclosed on 13 April 2014 that the WhatsApp messenger app also gives away user location data in unencrypted

    No results related

    Add now

form.

Using a Windows PC as a Wi-Fi access point, the UNH team was able to capture data sent by an Android smartphone with regular traffic sniffing tools, the same approach taken by UNH in their experiments with WhatsApp.

In a video posted on the UNH website and YouTube, the researchers demonstrated capturing messages sent between two test Android phones.

Data can be intercepted by poisoned access points, by malicious users on the same Wi-Fi network, or elsewhere in the network between you and Viber.

In the video, one of the researchers said the unencrypted messages can also be retrieved from Viber's servers by anyone who knows the message URL:

The data is stored on Viber's server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it.

The researchers, Dr Ibrahim Baggili and Jason Moore, said in a blog post that they reported the security flaw directly to Viber before publishing their results but did "not receive a response from them."

In a statement to CNET, Viber said it would be releasing a fix soon for Android and iOS, and said the issue has been "resolved."

This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this.

The fact is that an modern online messaging app shouldn't really be "fixing" this sort of blunder - encryption should have been baked in from the start.

And for all that Viber may have "fixed" its apps to exchange data securely now, it hasn't said anything about addressing the insecurities that UNH found in Viber's cloud, where your messages are stored.

The company also lists only Android and iOS as getting updates, leaving users of its numerous other supported platforms in the dark.

That includes users of Viber on the desktop, via Samsung's Bada ecosystem, on Microsoft's various mobile operating systems, and on Blackberry and Nokia phones.

With all of this in mind, Viber's claim that "we aren't aware of a single user who has been affected by this" rings very hollow.

After all, the company didn't bother to apologize for not spotting these problems in its own QA – and putting its customers at needless risk.

Leaky mobile apps and data privacy

As is becoming all too common with the new breed of mobile messenger apps - including the Facebook-owned WhatsApp and the photo and video-sharing app Snapchat - security and privacy of user data seems to be an afterthought.

Although both WhatsApp and Viber said they will work to fix their encryption oversights, at times these young companies have exhibited a cavalier and disdainful attitude towards data privacy and security.

Viber, founded in 2010, has had a couple other security incidents in the past year.

In July 2013, a security researcher managed to use pop-up notifications from the Viber app to bypass the lock screen on an Android device.

And in April 2013, Viber's support page was hacked by the Syrian Electronic Army, although no user data was lost in the attack.

WhatsApp's founder Jan Koum famously said that "respect for your privacy is coded in our DNA," after his company was bought out by Facebook for $19 billion in March.

That's a nice sentiment, but WhatsApp has made repeated cryptographic blunders that left user data vulnerable.

Another rapidly growing messenger app, Snapchat, ignored warnings from security researchers that the app allowed unlimited searches of user phone numbers - a flaw that led to an attacker dumping 4.6 million usernames and phone numbers online after Snapchat dismissed the attack as "theoretical."

When asked to appear voluntarily before a Congressional hearing on data breaches, Snapchat refused to testify, leading one US Senator to say the company was "hiding something."

Which is ironic, since hiding user data from prying eyes doesn't appear to be one of the company's strengths.

Despite promises it made to users that their private messages would "disappear forever," Snapchat has acknowledged that user Snaps aren't deleted right away from their servers or from users' phones.

These popular messenger apps may be free, but at a cost to privacy for their hundreds of millions of users.

View Original Article: sophos.com
Disclaimer statement: The point of this article or rights belongs to the authors and publishers. We take no responsibility for the content of this article and legitimacy.
Do you have any questions about this article, please contact the news source sophos.com.
Or contact us

Share

Write an article relevant this topic share on facebook share on twitter share on google plus share on oknews share on linkedin share on digg share on reddit share on newsvine share on pinterest share on netlog share on tumblr share on delicious send email print add to favorite

"Here we go again: Viber..." IN THE COMMUNITY!

Facebook
    Twitter

      PHOTO

        No results related
      Share one Sentence

      Manage my submission

      [{"b":"a","i":"1320815","t":"Kristen Stewart is 'overly happy' right now","a":1},{"b":"a","i":"1320816","t":"Embraer rolls out KC-390 military airlift - Yahoo Finance Canada","a":2},{"b":"a","i":"1320820","t":"Boston Wants To Grow, But Tough Obstacles Stand In Its Way","a":3},{"b":"a","i":"1320821","t":"Office of Municipal Securities Director John Cross to Leave SEC","a":4},{"b":"b","i":"1259641","t":"Yesterdays Oct. 22","a":5},{"b":"e","i":"526764","t":"Pistorius\u2019s Prison Term Marks Fall of South African Sports Icon","a":6},{"b":"b","i":"1259629","t":"Arkansas Unemployment Drops Again","a":7},{"b":"a","i":"1320784","t":"Pope to visit Turkey as region's Christians flee Islamic State persecution | Christian News on Christian Today","a":8},{"b":"f","i":"1151233","t":"How can we help you today?","a":9},{"b":"e","i":"526725","t":"3 Ways To Avoid Going Off A Stock Market Cliff With The Buy-And-Hold Herd","a":10},{"b":"e","i":"526729","t":"An Ebola Outbreak Contained: What U.S. And Other Nations Can Learn From Nigeria","a":11},{"b":"b","i":"1259601","t":"Province to announce today how much it will tax LNG projects","a":12},{"b":"b","i":"1259605","t":"Slight Drop in Arkansas Unemployment","a":13},{"b":"b","i":"1259613","t":"Statement by the President of the Treasury Board to Mark Small Business Week 2014","a":14},{"b":"e","i":"526716","t":"Vine Makes It Easier to Discover Great Vines Through Following Channels","a":15},{"b":"a","i":"1320771","t":"London Eye Hospital Pharma Announces US Clinical Introduction of iolAMD\u2122 - Yahoo Finance Canada","a":16},{"b":"a","i":"1320773","t":"Online Learning Company lynda.com Launches New IT Training Category","a":17},{"b":"e","i":"526715","t":"Kate Middleton Shows Off Her Mini Baby Bump","a":18},{"b":"b","i":"1259584","t":"Fashion Pioneer Oscar de la Renta Dead at 82 + More of Today’s First Dibs","a":19},{"b":"b","i":"1259560","t":"IEEE Announces The Future of Identity Series at SXSW\u00ae 2015\r\n\t\t\t\t\t\t\t\t\t\t\tIEEE Speakers Series to Promote Open Collaboration on Future Frameworks for Privacy, Identity Management and Personalized Medicine","a":20},{"b":"a","i":"1320751","t":"Rwanda: Lifting the Lid On Rwandan Repression","a":21},{"b":"b","i":"1259565","t":"Why Dish subscribers can't see CNN today","a":22},{"b":"a","i":"1320700","t":"Officer gives prelude to week\u2019s proceedings","a":23},{"b":"f","i":"1151196","t":"How to Try Out Apple's New Photo Storage Service Now","a":24},{"b":"a","i":"1320681","t":"BioUtah Partners with Utah STEM Action Center to Provide STEM Student Scholarships, Special Tickets to Utah Life Science Summit - Yahoo Finance Canada","a":25},{"b":"a","i":"1320683","t":"Realtors® Say QRM Rule Will Provide Clarity in Housing Finance Market, Benefit Consumers","a":26},{"b":"b","i":"1259531","t":"CDC issues new rules for protecting workers from Ebola","a":27},{"b":"c","i":"1876981","t":"McDonald's profit plunges 30 pct.","a":28},{"b":"b","i":"1259511","t":"Grace Hotels Announces Opening of Grace Panama","a":29},{"b":"b","i":"1259514","t":"Leading Proxy Firm Glass-Lewis Advises Chiquita Shareholders Vote AGAINST Revised Fyffes Transaction\r\n\t\t\t\t\t\t\t\t\t\t\tAlso Recommends Voting AGAINST Adjournment of the Special Meeting of Chiquita Shareholders","a":30},{"b":"b","i":"1259502","t":"‘Preppie Drug Ring’ Leader Pleads Guilty To Main Line Dealing","a":31},{"b":"a","i":"1320645","t":"Oscar de la Renta, legendary designer, dead at 82","a":32},{"b":"b","i":"1259487","t":"The Rock Has Dinner with Mark Zuckerberg, Chris Jericho Updates, Canvas 2 Canvas, WWE - KC","a":33},{"b":"b","i":"1259488","t":"Oscar Pistorius Heads to Jail While South Africans Cry Injustice","a":34},{"b":"c","i":"1876952","t":"Oscar Pistorius Begins Five Year Prison Term, But May Be Out in One","a":35},{"b":"b","i":"1259464","t":"Newtown, Connecticut Therapy Dog Wins First Nationwide Books & Barks Contest","a":36},{"b":"a","i":"1320635","t":"RBI redistributes work among Deputy Governors","a":37},{"b":"a","i":"1320604","t":"BridgePortfolio Releases BridgeView","a":38},{"b":"b","i":"1259438","t":"Oscar de la Renta, legendary designer, dead at 82","a":39},{"b":"a","i":"1320589","t":"Former U.S. Securities and Exchange Commission General Counsel, \n International Affairs Chief Counsel and Commodity Futures Trading \n Commission Enforcement Chief Joins Sidley Austin LLP","a":40},{"b":"b","i":"1259431","t":"Russia Slaps Ban on Ukrainian Fruit and Vegetables","a":41},{"b":"a","i":"1320574","t":"IEEE Announces The Future of Identity Series at SXSW\u00ae 2015 - Yahoo Finance Canada","a":42},{"b":"a","i":"1320578","t":"$84 million Microsoft CEO: We pay women equally","a":43},{"b":"a","i":"1320579","t":"PEER 1 Hosting Presenting at HostingCon 2013 on How to Support Big Data","a":44},{"b":"b","i":"1259421","t":"Arts & Entertainment SEE MORE","a":45},{"b":"c","i":"1876932","t":"Media Stumped On How To Handle Missing Mixed-Race Woman","a":46},{"b":"a","i":"1320568","t":"Related Articles","a":47},{"b":"a","i":"1320517","t":"Entegris Extends Its VaporSorb(TM) Filter Line for Advanced Yield Protection in Semiconductor Processing - Yahoo Finance New Zealand","a":48},{"b":"a","i":"1320527","t":"Pitt\u2019s \u2018Fury\u2019 War Movie Captures Weekend Box Office","a":49},{"b":"a","i":"1320530","t":"Birth season may predict mood in adulthood, study finds","a":50},{"b":"a","i":"1320532","t":"Germany Wins Small-Bank Resolution-Levy Cap in EU Rules","a":51},{"b":"b","i":"1259391","t":"Irish Water to investigate claims tenants' bank numbers were sent to landlords","a":52},{"b":"b","i":"1259397","t":"Embrace Your Inner Marty McFly With the Hendo Hoverboard","a":53},{"b":"a","i":"1320534","t":"Hetnet Software Supports Legacy Network Performance Management For Mobile Operators\r\n\t\t\t\t\t\t\t\t\t\t\tHetnetPM Extends Wireless IP Backhaul Automation for end-to-end Performance Management","a":54},{"b":"a","i":"1320500","t":"Mount Washington College Names Dr. Donald G. Knezek as Board of Trustees Member - Yahoo Finance UK","a":55},{"b":"a","i":"1320502","t":"Transplace Releases New Transportation Optimization Technology - Yahoo Finance Canada","a":56},{"b":"a","i":"1320504","t":"Bertelsmann Pushes Into Education With Relias Purchase","a":57},{"b":"a","i":"1320507","t":"Backpage.com lawsuit could have major effect on sex trafficking","a":58},{"b":"a","i":"1320510","t":"MBX Improves Server Appliance Performance with Newest Intel\u00ae Xeon\u00ae Processor\r\n\t\t\t\t\t\t\t\t\t\t\tAvailable Immediately for Customers' Hardware Platforms","a":59},{"b":"f","i":"1150742","t":"Peak Hotels and Resorts Limited Announces Appointment of Carolyn Turnbull to the Board of Directors","a":60},{"b":"f","i":"1150741","t":"GSMA Provides New Details for Mobile World Congress 2015","a":61},{"b":"f","i":"1150682","t":"SC Lowy Celebrates Five Years of Independence with Record Trading Volumes","a":62},{"b":"f","i":"1150681","t":"Thuraya supports Dubai\u2019s Information City\u2019s \u201cEducate a Child, Build a Nation\u201d initiative in advocacy of computer literacy for children","a":63},{"b":"f","i":"1150684","t":"Peak Hotels and Resorts Limited Announces Appointment of Carolyn Turnbull to the Board of Directors","a":64},{"b":"f","i":"1150740","t":"SC Lowy Celebrates Five Years of Independence with Record Trading Volumes","a":65},{"b":"f","i":"1150743","t":"Thuraya supports Dubai\u2019s Information City\u2019s \u201cEducate a Child, Build a Nation\u201d initiative in advocacy of computer literacy for children","a":66},{"b":"b","i":"1259377","t":"Mercedes-Benz Eyes Adding Italian Motorcycle Manufacturer MV Agusta To Portfolio","a":67},{"b":"b","i":"1259379","t":"Italian police discover huge \u20ac1.7 billion corporate fraud","a":68},{"b":"b","i":"1259353","t":"5-at-10: SEC asked and answered, NFL power poll, fixing contracts and Rushmore of Luthers","a":69},{"b":"a","i":"1320482","t":"World Series preview: Royals, Giants isn't a battle of baseball's best","a":70},{"b":"f","i":"1151162","t":"Today in sports history","a":71},{"b":"e","i":"526696","t":"Oscar Pistorius Sentenced to Five Years in Prison","a":72},{"b":"b","i":"1259289","t":"Nicole Schoenberg Joins MWW As Senior Vice President, Financial Communications - Yahoo Finance Canada","a":73},{"b":"b","i":"1259293","t":"Escrow.com Chosen to Handle Sale of Ultra-Premium Domain Holiday.com","a":74},{"b":"b","i":"1259262","t":"SteelSeries Welcomes New CEO, M. Ehtisham Rabbani","a":75},{"b":"b","i":"1259265","t":"Business Integrity introduces ContractExpress for SharePoint 4.6 with DocuSign integration","a":76},{"b":"d","i":"949976","t":"India to UNGA: 'IPL is most profitable and popular league'","a":77},{"b":"b","i":"1259246","t":"USA Network orders third season of breakout comedic reality series ‘Chrisley Knows Best’","a":78},{"b":"b","i":"1259250","t":"Monkey chants in Moscow: Is Russia making any progress in its fight against racism?","a":79},{"b":"b","i":"1259255","t":"Turner Survey on Green Buildings Shows Greater Focus on Benefits of Improving Health, Wellbeing, and Productivity of Building Occupants","a":80},{"b":"d","i":"949955","t":"Join Healthy Woman Saturday, Nov. 8 for annual program","a":81},{"b":"d","i":"949936","t":"Pocono Mountain schools closed today","a":82},{"b":"d","i":"949942","t":"WebMD Announces 2014 Health Hero Award Winners and Star-Studded Lineup for Inaugural Awards Event","a":83},{"b":"d","i":"949916","t":"Birmingham bike safety scheme launched in schools","a":84},{"b":"e","i":"526633","t":"Busquets to miss Ajax clash with bruised hip","a":85},{"b":"f","i":"1151116","t":"Religion Calendar - April 6, 2013","a":86},{"b":"d","i":"949819","t":"Financial Results, Upcoming Earnings, New Agreement, Upcoming Event, and Dividend - Research Reports on Google, Baidu ...","a":87},{"b":"d","i":"949802","t":"Syria Kurds Say Peshmerga Must Work With Them in Kobani Defense","a":88},{"b":"d","i":"949757","t":"4 tips for Thanksgiving fliers","a":89},{"b":"d","i":"949758","t":"Vdopia Launches Chocolate, Industry's Most Scalable Mobile Video Programmatic Marketplace","a":90},{"b":"d","i":"949766","t":"Sciaky, Inc. to Sponsor and Chair the 2014 Additive Aerospace Summit in Los Angeles, CA","a":91},{"b":"d","i":"949768","t":"Uniform style! Birthday girl Kim Kardashian's famous pencil skirt-polo neck style","a":92},{"b":"d","i":"949772","t":"Embarr Downs Announces its Subsidiary W+B Partners is Increasing its Position in Nate's Food Co.","a":93},{"b":"e","i":"526582","t":"10 Architectural Icons That Could Have Been Vastly Different","a":94},{"b":"d","i":"949725","t":"Camp Lejeune Marine accused of killing transgender woman does not appear in court","a":95},{"b":"e","i":"526575","t":"Almost All Business Schools Now Accept the GRE","a":96},{"b":"f","i":"1150850","t":"Big Data in Financial Services Industry: Market Trends, Challenges, and Prospects 2014 - 2019","a":97},{"b":"d","i":"949701","t":"Diesel price: SIAM, Tata Motors, Nissan welcome deregulation of prices","a":98},{"b":"f","i":"1150881","t":"Apple Pay Debuts Today At Over 220,000 Locations","a":99},{"b":"c","i":"1876713","t":"Fire in parked car spreads to two houses on East Side","a":100}]

      100

      Kristen Stewart is 'overly happy' right now