Sweet, sweet Viber

If we evaluate advertising strategies, then a shy Viber is a complete opposite to Telegram: it is a messenger that is often referred to as Belarusian. This version was supported on the top level: in January 2017 the Belarusian President stated that the application is an offspring of Belarusian developers. He is partly right, since one of the project founders is from this country and besides there are two offices of this company residing here. Another IT team is working from Israel and its headquarters is located in Luxembourg. And the owner of the service is a Japanese Corporation Rakuten.

However, we are interested neither in the origin, nor in the image-making strategies of the company – we are concerned about the product’s security. At first sight this part looks as usual: a message history is openly stored on users’ devices, end-to-end encryption and implementation of its own Proteus protocol (basically the same as Signal).

a link to the fourth video

In April 2016 the company’s representatives stated:

Viber will not open access to message histories in any country and under no circumstances. We maintain the same position as Apple and WhatsApp. The company has records of interactions between different phone numbers, but we do not have access to contents of messages or conversations.

Sounds great but let’s turn our eyes to facts. Viber is forbidden, say, in China – it’s no wonder since all the internet is under control there. Popular VoIP services such as Viber, Skype and WhatsApp have been forbidden in Saudi Arabia since 2013 being a result of lobbying interests of the local providers. There are mentions about restriction attempts in other countries (including Belorussia) and they are also a result of service providers’ security on a state level.

No other data about the messenger being at conflict with authorities. Everyyone is okay with Viber.

At the same time the service is vulnerable for various attacks: for example, it is enough to open an image sent by a malefactor. In January 2017 Russian specialists published data about possible eavesdropping via this messenger on mobile devices. Moreover whenever a user sent images, drawings or shared location this information could be easily captured by a man-in-the-middle.

But the reason for a separate post about Viber is behind a tricky technical research. To shape the main problem of the messenger into words there is no need to rely upon expert’s opinions or carry out lab experiments. Things are much more primitive…

An application from the top 5 popular messengers of the planet[1] is a leader in terms of spam volumes. It’s not enough to say there’s too much of it. It’s significantly worse that users are not able to filter messages from service providers and sellers that are forbidden by law. A harmless ‘messenger for housewives’ is actively used by drug traffickers, whoremongers and other representatives of the criminal world.

And that’s not about it: the service itself looks not as ‘fluffy’ as it seems to be. Viber collects maximum of user’s data, especially via its desktop versions. And it’s not even trying to hide it – it publicly declares its policy.

Users in turn do not spare emotions while evaluating the service. Here are the most typical comments found online:

“…the biggest drawback is that all your pictures that you send to a friend become a public domain. No any privacy policy. Neither your contact nor text-messages, nor photos or videos are secured. Everything just flows into a common pot accessible by absolutely everyone…”

”And there is no way to block this spam, even if you do block it there’re still these pop-up messages asking I would still be willing to read them…”

“My Viber has been hacked although no one has ever taken my phone. And now using my name a group has been created and some goods are being sold. Please, tell me what I can do?”

“Not so long ago we learned from our friends that the number my wife using for calls only has appeared in Viber. And the avatar keeps changing daily with an advertising content <…> and I send a viber message to this number, but my wife doesn’t receive it on her phone and no one answers. Changing a sim-card, a reset, changing an account have been of no help and the antivirus does not detect any viruses. And the main thing is that you can’t log into viber using this number neither from your phone, nor from your computer…”

“that is having a database filled with numbers (just a number if digits in a row) and having added them into contacts one can group them where to one forward spam. That’s what they essentially do”.

Drawing conclusions, one can say with confidence that Viber’s security is far lower than it is declared. Its vulnerabilities is a bright example of a primitive approach to the product implementation: the service developers have taken care of encryption, declared respect for civil rights and freedoms… and neglected the main right of their customers by turning them into an object of ultimately aggressive monetization.

[1] Excluding Chinese messengers WeChat and QQ from the rating list.

Tinggalkan Balasan

Alamat e-mel anda tidak akan disiarkan. Medan diperlukan ditanda dengan *

Berlangganan newsletter kami

© Komunikasi AEGEES 2018. Hak Cipta Terpelihara