Viber's Poor Security puts 150 millions Users Data under Threaten
Researcher from UNH Cyber Forensics Research and Education Group have reported a new vulnerabilities in one of the most popular messaging app "Viber". Researcher claims that Viber's have the low security practices threaten privacy of its more than 150 millions active users.
Viber is a Las Vegas and Cyprus-registered company, allows the users for to share free text message, photos, GPS location and also allows them to make a free voice call to other viber users. Viber is the cross platform messaging app, available for Android, iOS, Blackberry, Windows phone and desktop also.
Researcher also made a video demonstration for this poor security of Viber, which shows that the data share between the Viber and Amazon server is not encrypted and attackers can easily intercept the unencrypted traffic with any of the traffic sniffing tools.
Before posting the post researcher have reported the issue to Viber team, but till yet they haven't got any response from Viber.
Viber is a Las Vegas and Cyprus-registered company, allows the users for to share free text message, photos, GPS location and also allows them to make a free voice call to other viber users. Viber is the cross platform messaging app, available for Android, iOS, Blackberry, Windows phone and desktop also.
The researchers found that users' data stored on the Viber Amazon Servers including images and videos are stored in an unencrypted form that could be easily accessed without any authentication i.e.which gives leverage to an attacker to simply visiting the intercepted link on a website for the complete access to the data.
On the blog post researcher post
The main issue is that the above-mentioned data is unencrypted, leaving it open for interception through either a Rogue AP, or any man-in-the middle attacks.
Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone.Attacker can use any network testing tools like Network Miner or Wireshark, to sniff the traffic while performing the Man-in-Middle attack.
Before posting the post researcher have reported the issue to Viber team, but till yet they haven't got any response from Viber.