Researchers at University of New Haven Cyber Forensics Research and Education Group (UNHcFREG) have found serious flaws in the Viber.
The researchers found bug and vulnerability in almost all data including images, doodles, locations as all of them were unencrypted.
“We also see potential issues in the way Viber stores data in an unencrypted format on their servers with no authentication mechanism for them to be retrieved from a client,” a post by Dr Ibarhim Baggili said.
For the test, the team used HTC One (Android version 4.4.2), Samsung Galaxy S4 (Android version 4.3) while the Viber version was 188.8.131.522.
- Images received are unencrypted
- Doodles received are unencrypted
- Videos received are unencrypted
- Location images sent and received are unencrypted
- Data is stored on the Viber Amazon Servers in an unencrypted format
- Data stored on the Viber Amazon Servers is not deleted immediately
- Data stored on the Viber Amazon Servers can be easily accessed without any authentication mechanism (Simply visiting the intercepted link on a web browser gives us complete access to the data)
The team also suggested a tip as solution for heavy Viber user:
“Make sure the data is encrypted over a tunnel when it is sent. Also make sure the data is encrypted properly when saved, and authenticated when being accessed. “