[liberationtech] Viber is secure?
Robert Guerra
rguerra at privaterra.org
Fri Sep 21 06:17:13 PDT 2012
Eric,
I'm really not impressed with the so called "security" that is present in Viper. Sorry, but Viper's security seems pretty much like Snake Oil (See Feb 19, 1999 Cryptogram for details, http://www.schneier.com/crypto-gram-9902.html )
Perhaps good to experiment with, but I wouldn't rely on it for conversations of consequence.
Instead, as I and others have mentioned before - a more appropriate recommendation would be to have users shift to ZRTP enabled SIP clients. Yes, they might require slightly more steps to setup and use - but provide a far better level of trust and security.
I'll leave it to others to recommend which ZRTP tools are available and best to use on what platform...
regards
Robert
--
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rguerra at privaterra.org
On 2012-09-21, at 7:48 AM, Eric S Johnson wrote:
> From today’s Dragon News Bytes:
>
> Title: Viber Communication Security - unscramble the scrambled
> Author: Michiel Appelman, Jeffrey Bosma and Gerrie Veerman
> Source: SNE/OS3
> Date Published: 24th December 2011
>
> '....In the past couple of years more and more communications which
> used to use the regular mobile operator networks started moving
> towards ip-based networks. This has given rise to ‘apps’ on
> smartphones that enable consumers to connect to each other without
> the use of their mobile operator. More recently the security
> implications of switching from the closed network of the operator to
> the open Internet have become apparent after some ‘apps’ have shown
> severe weaknesses. In this project we will take a look at one app in
> particular: Viber, a voip application used on cellphones. The report
> tries to answer the question how Viber performs — security-wise — in
> comparison to other services. A definitive conclusion has not been
> found but most details of the protocol used to transfer the voice
> data have been documented. The application code has been analyzed
> but no real weaknesses were found. This lack of weaknesses found
> doesn’t mean that the app is secure, due to limited time and
> experience of the authors a lot of investigation is
> still to be done......'
>
> https://www.os3.nl/_media/2011-2012/students/jeffrey_bosma/ssn_report.pdf
>
> Haven’t read it yet.
>
> Best,
> Eric
> PGP
>
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Amin Sabeti
> Sent: Friday, 21 September 2012 17:53
> To: liberationtech
> Subject: Re: [liberationtech] Viber is secure?
>
> Thanks guys, I sent an email to Viber and I haven't received any responses from them.
>
> Nathan is there any chances you or your colleagues test it and publish the result? Because it so popular amongst the Iranian activists.
>
> Thanks,
>
> A
>
> On 21 September 2012 01:04, Eric S Johnson <crates at oneotaslopes.org> wrote:
> Popular in Ethiopia too (where I was, last week).
>
> PGP
>
> From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Amin Sabeti
> Sent: Thursday, 20 September 2012 23:07
> To: Liberation Technologies
> Subject: [liberationtech] Viber is secure?
>
> Hey LibTech,
>
> At this time, Viber (http://www.viber.com/) is so popular amongst the Iranian people and it is one of the popular communication ways in Iran.
>
> I was wondering to know this app is secure or not? The data is encrypted or not?
>
> Thanks,
>
> Amin
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120921/71f976f8/attachment.html>
More information about the liberationtech
mailing list