No Encryption For Viber Communications
The unencrypted way that doodles, videos, locations and images are stored, received and sent by voice over internet protocol (VOIP) and cross-platform text message service Viber opens the door to data interception by service providers or attackers.
Researchers uncovered the Viber vulnerabilities as a part of the ongoing network forensic investigation of chatting applications which helped to discover flaws in WhatsApp as well.
If you are connected through a local network, you can sniff traffic coming through the router and grab all this data.
That means when Viber users connect to an open access Wi-Fi, they can be targeted by MITM attacks, including rogue access points and Address Resolution Protocol poisoning.
The other big issue is that an unencrypted data is transferred through the Internet provider. The issue is compounded as Viber stores data on Amazon servers without any encryption or authentication.
A simple link visit will download the data. It is still stored on Amazon network and anyone who clicks on the link gets an immediate access to it without a need to verify who the user is and whether or not the attacker has sufficient credentials to get that data.
The University of New Haven’s cyber team is warning against using Viber before these bugs are fixed.