Viber Vulnerable To Man In The Middle Attack (MITM)
Viber is a popular messaging and voice-over-IP app that allows users to make free calls, send texts, pictures, and video messages to other Viber users. It has more than 200 million users in over 193 countries. However, Viber has a serious security flaw that could expose its users to man in the middle (MITM) attacks, where a malicious third party can intercept and alter the communication between two parties.
What is a MITM attack?
A MITM attack is a type of cyberattack where a hacker inserts himself between two communicating parties and secretly relays or modifies their messages. For example, Alice and Bob are trying to communicate and Trudy is trying to perform a MITM attack. When Alice sends a message to Bob, Trudy intercepts it and can read, modify, or delete it before forwarding it to Bob. Similarly, when Bob replies to Alice, Trudy can do the same thing. Alice and Bob may not notice that their communication is compromised, while Trudy can access their private information or manipulate them.
MITM attacks can be performed on various types of communication, such as web browsing, email, online banking, or mobile apps. MITM attacks can have serious consequences, such as identity theft, financial fraud, malware infection, or data breach.
How is Viber vulnerable to MITM attacks?
Viber uses encryption to protect the data transmitted between its users. Encryption is a process of transforming data into an unreadable form using a secret key, so that only the intended recipient can decrypt it using the same or a different key. However, encryption alone is not enough to prevent MITM attacks. The sender and the receiver also need to verify each other's identity and ensure that they are using the correct keys. This is done by using certificates, which are digital documents that contain information about the owner of a public key and are signed by a trusted authority.
Viber, however, does not use certificates properly to validate the identity of its servers. According to a research paper by the University of New Haven Cyber Forensics Research and Education Group, Viber does not check the validity of the certificates presented by its servers, nor does it pin the certificates to the server's hostname. This means that anyone who can intercept the traffic between Viber and its servers can present a fake certificate and pretend to be Viber's server. The attacker can then decrypt and modify the data sent by Viber users, such as phone numbers, contacts, messages, images, videos, or location information.
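The two missing checks described above, shown as an added Python example (an illustration, not Viber's client code and not taken from the research paper). All function names, the sample byte strings and the SHA-256 whole-certificate pin format are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_DER = b"constructed-genuine-server-certificate"
FORGED_DER = b"constructed-interceptor-certificate"


def insecure_context():
    """Client settings matching the flaw described above: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be switched off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context():
    """Chain validation against the system trust store plus hostname matching."""
    return ssl.create_default_context()


def validates_server(ctx):
    """True only if the context checks both the certificate chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def fingerprint(der_cert):
    """SHA-256 of the DER certificate, the value stored in the pin set."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pinned):
    """Compare the presented certificate against the pinned fingerprints."""
    fp = fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p.lower()) for p in pinned)


def connect_pinned(host, port, pinned, timeout=5.0):
    """Handshake with full validation, then refuse any certificate outside the pin set."""
    ctx = verified_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pinned):
                raise ssl.SSLError("server certificate is not in the pin set")
            return tls.version()
```

With `verified_context()` a forged certificate fails the handshake unless it chains to a trusted authority for that hostname, and the pin check then rejects even a validly issued certificate that is not the expected one.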
How to protect yourself from MITM attacks on Viber?
The best way to protect yourself from MITM attacks on Viber is to avoid using it on untrusted networks, such as public Wi-Fi hotspots or networks controlled by hackers. You should also use a VPN (virtual private network) service that encrypts your traffic and routes it through a secure server. A VPN can prevent anyone from snooping on your online activity or tampering with your data.
However, even with a VPN, you are still relying on Viber to secure your communication with its servers. Therefore, you should also update your Viber app regularly and check if it has fixed the certificate validation issue. You should also be careful about what you share on Viber and avoid sending sensitive or personal information that could be used against you.
Conclusion
Viber is a popular app that offers free communication services to millions of users worldwide. However, it has a serious security flaw that makes it vulnerable to MITM attacks, where a hacker can intercept and alter the data sent by Viber users. To protect yourself from MITM attacks on Viber, you should avoid using it on untrusted networks, use a VPN service, update your app regularly, and be careful about what you share on Viber.