Viber is a Las Vegas and Cyprus-registered company, allows the users for to share free text message, photos, GPS location and also allows them to make a free voice call to other viber users. Viber is the cross platform messaging app, available for Android, iOS, Blackberry, Windows phone and desktop also.
The researchers found that users' data stored on the Viber Amazon Servers including images and videos are stored in an unencrypted form that could be easily accessed without any authentication i.e.which gives leverage to an attacker to simply visiting the intercepted link on a website for the complete access to the data.
On the blog post researcher post
The main issue is that the above-mentioned data is unencrypted, leaving it open for interception through either a Rogue AP, or any man-in-the middle attacks.
Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone.Attacker can use any network testing tools like Network Miner or Wireshark, to sniff the traffic while performing the Man-in-Middle attack.
Before posting the post researcher have reported the issue to Viber team, but till yet they haven't got any response from Viber.