Researchers Able To Intercept Unencrypted Viber Data

Researchers at the University of New Haven have exposed a number of security flaws in popular mobile VoIP and instant messaging application Viber that could allow an attacker to obtain images, videos and location data.

The university’s Cyber Forensics Research and Education says such information is stored in an unencrypted format on Viber’s Amazon servers, is not deleted immediately and can be easily accessed without any authentication mechanism.

“Anyone, including the service providers, will be able to collect this information – and anyone that sets up a rogue access point, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone,” the researchers warned.

Viber vulnerability

Viber iOSTo test their theory, the group conducted an experiment. They set up a rogue access point using the Windows 7 Wi-Fi miniport adapter feature and were able to capture information sent between two smartphones using tools such as NetworkMiner, Wireshark, and NetWitness.

The researchers say they sent information about the flaw to Viber, but received no response, which is why they have released their findings to the public. It has called on the service to make sure data is encrypted when it is being sent and saved and to require authentication when it is being accessed to prevent more sinister groups from exploiting the vulnerability.

The discovery is a blow for Viber, which was recently acquired by Japanese e-commerce firm Rakuten, and is hoping to better compete with rivals such as WhatsApp and Skype. Earlier this week it launched a refreshed version of its iOS application and released a client for BlackBerry 10.

It’s not the first security scare to affect the service, after the Syrian Electronic Army (SEA) hacked Viber’s support page, with user data, including the IP address, country and device type, compromised although the company insisted that sensitive user data was not taken.

What do you know about the smartphones of 2013? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Bitcoin Slides To $81,000 In Trump Tariff Shock

As global markets reel from Trump's tariffs, the price of Bitcoin slides as investors seek…

21 mins ago

Amazon’s First Project Kuiper Satellites Slated For 9 April Launch

Rival for Starlink and OneWeb. United Launch Alliance slated to send 27 Kuiper satellites into…

3 hours ago

Trump’s Tariffs: Implications For Tech Sector

Semiconductor imports are free of Trump's tariff war, but concerns remain over imports of smartphones…

3 hours ago

OpenAI Secures $40 Billion Funding Deal With SoftBank, Others

SoftBank has agreed a funding deal that will see OpenAI being provided with up to…

20 hours ago

Tesla Sales Plummet Amid Elon Musk Backlash

Tesla sales have plummeted to lowest level in three years, as deliveries of new EVs…

21 hours ago

Amazon Launches Nova AI Agent To Perform Browser Actions

New addition. Next generation foundation model, as Amazon Nova model launches to perform actions within…

23 hours ago