Wednesday, 30 April 2014

Viber practically gives its user data away

Are you a Viber user? Well you may want to be a little more careful about what you say over the popular smartphone messaging service.

New reports reveal that Viber actually gives up user data: both messages and phone calls.
The research was conducted by the University of New Haven. User data is stored on Viber’s servers, but the data is unencrypted and anyone who has a link to the data can access it. No passwords. No protection, just open access to anyone who wants to see it.
“The data is stored on Viber’s server in an unencrypted manner. There is also no authentication method used, so anybody who has access to these links can look at this data, retrieve this data, and do whatever they want with it. “
Viber isn’t the only culprit in the mobile messaging game: Whatsapp was also found to have severe vulnerabilities which can easily be exploited. Using simple traffic sniffing tools, both Viber and Whatsapp user data were extrapolated with little difficulty.
Viber did say that they fixed the issue, however:
“This issue has already been resolved. It is currently in QA and the fix will be released for Android and submitted to Apple on Monday. As of today we aren’t aware of a single user who has been affected by this. “
It does seem troubling that Viber had to fix the issue in the first place. It isn’t as if the messaging service had been hacked; Viber just didn’t provide any encryption for the data.
Does anyone feel a bit more wary about using internet messaging services? Will you do a little more research before sending private data over them? Let us know in the comments!
Source

No comments:

Post a Comment