Security researchers from UNH Cyber Forensics Research & Education Group have discovered several vulnerabilities and bad security practices in a popular messaging application, the well-known Viber, threatening the privacy of 150 million active users of the service.
The results of their research, as they published them:
Results Summary
- Images received are unencrypted
- Doodles received are unencrypted
- Videos received are unencrypted
- Location images sent and received are unencrypted
- Data is stored on the Amazon Servers in an unencrypted format
- Data stored on the Viber Amazon Servers is not deleted immediately
- Data stored on the Viber Amazon Servers can be easily accessed without any authentication mechanism (Simply visiting the intercepted link on a web browser gives us complete access to the data)
The researchers found that user data is stored on the company's servers, which are essentially Amazon servers. The data includes images, videos and messages, which are stored in unencrypted form and without any authentication mechanism. So attackers simply visit the link and have full access to the data.
In a demonstration video, the researchers showed that the company does not encrypt data while transferring it between the servers it uses, which allows an attacker to intercept traffic and perform man-in-the-middle attacks.
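The findings above describe media links that work for anyone who obtains them and data that travels in cleartext. As an added illustration (not code from the researchers or from Viber), the sketch below shows one common mitigation: an HMAC-signed link with an expiry that the server verifies before serving the object. The host name, key and function names are assumptions made for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real service would load this from a secrets store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(path, expires, key):
    """HMAC-SHA256 over the object path and its expiry timestamp."""
    return hmac.new(key, f"{path}\n{expires}".encode(), hashlib.sha256).hexdigest()


def sign_media_url(path, ttl_seconds, now=None, key=SIGNING_KEY):
    """Return an https link to `path` that stops verifying after ttl_seconds."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    query = urlencode({"expires": expires, "sig": _mac(path, expires, key)})
    # media.example.invalid is a placeholder host, not a real endpoint.
    return f"https://media.example.invalid{path}?{query}"


def check_media_url(url, now=None, key=SIGNING_KEY):
    """Server-side gate: return (allowed, reason) for a requested media URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "cleartext transport"
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed signature"
    expected = _mac(parts.path, expires, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if (now if now is not None else time.time()) > expires:
        return False, "link expired"
    return True, "ok"


if __name__ == "__main__":
    link = sign_media_url("/u/123/photo.jpg", ttl_seconds=300)
    print(link, check_media_url(link))
    print(check_media_url("https://media.example.invalid/u/123/photo.jpg"))
```

A signed link is still a bearer token until it expires, so it only helps when it travels over TLS and its lifetime is short. Stored objects also need encryption at rest, which this sketch does not cover.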
The researchers reported the vulnerabilities to the application's team before publishing their findings on their blog, but have not received any response.
"It is important to let people know about these weaknesses, so we chose to present the results and the video of the research in this post," they state on their blog.