Published on April 24th, 2014 📆 | 7369 Views ⚑0
Viber Vulnerable To Man In The Middle Attack (MITM)
Researchers found that users' data stored on the Viber Amazon Servers including images and videos are stored in an unencrypted form that could be easily accessed without any authentication i.e.which gives leverage to an attacker to simply visiting the intercepted link on a website for the complete access to the data.
In a video, the researchers demonstrated that viber is not encrypting any data such as images, doodles, videos and location images while exchanging it with their Amazon server, that allows an attacker to capture this unencrypted traffic with man-in-the middle attack.
“The main issue is that the above-mentioned data is unencrypted, leaving it open for interception through either a Rogue AP, or any man-in-the middle attacks,” the researcher wrote in the blog post.
An attacker can use any network testing tool such as NetworkMiner, Wireshark, and NetWitness to capture the traffic during man-in-the-middle attack.
"Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone." Professor Ibrahim Baggili, and Jason Moore said.
In Whitehat style, researchers had already reported the vulnerabilities to the Viber team before publishing their findings to the blog, but haven't received any response yet.
“It is important to let the people know of these vulnerabilities, therefore, we chose to publish these results and the video in this post,” they wrote.
0 Responses to Viber Vulnerable To Man In The Middle Attack (MITM)