Messaging
app Viber rolled out a end-to-end encryption update recently, following in the
actions of its competitor, WhatsApp, and allowing users to hold their calls and
mail messages private. But researchers are wondering whether Viber’s messages
are actually as secure as the corporation claims.
In a
short article announcing the change, Viber COO Michael Shmilov says that this
new feature will shield messages sent by Viber’s 800 million users from staying
accessed by anyone in addition to the people in the chat - such as company
itself. “We have been working on this for years and are proud that our users
can confidently use Viber without nervous about their messages being
intercepted - unique in a one-to-one as well as group message, on a new call,
on desktop, portable or tablet, ” Shmilov is currently writing.
But
unlike WhatsApp, Viber has yet to publish details about how their encryption is
implemented. (Developers of encryption devices commonly publish documentation
just for them to be audited for vulnerabilities by simply other researchers. )
WhatsApp caused the developers of risk-free messaging app Signal along with published
a security whitepaper detail how users’ messages can be encrypted.
Viber
has thus far declined to publish specifics precisely it is encrypting users’
mail messages, which has left technologists to take a position about the
methods Viber can be using. Frederic Jacobs, a security researcher who
previously handled Signal and is currently students at the EPFL, pointed out
that Viber may be utilising an MD5 algorithm, widely thought to be
cryptographically insecure.
However,
a new Viber spokesperson told TechCrunch, “MD5 is just not being used. ”
“Viber
will never grant backdoor access underneath any circumstance and in any
country. We agree while using stance both Apple and WhatsApp took. Viber can
access documents that show only that particular phone number has contacted
another number. However we cannot access this article of messages or mobile
phone conversations, ” the spokesperson included.
Shmilov
told TechCrunch yesterday that Viber ended up working on end-to-end encryption
for many years, and that users would be able to authenticate their contacts
ahead of exchanging messages. A spokesperson clarified right now that Viber has
executed several internal audits for the encryption protocol it can be using,
and said that external audits are out soon.
“Our
encryption protocol was determined by an open source standard protocol concept,
with an extra a higher level security developed in-house, ” your spokesperson
explained.
Online
messages are simply as secure as the encryption employed to protect them, and
it is usually difficult to build rely upon a product if their maker isn’t
transparent with regards to security. Without proper stability documentation,
users are left in the dark in relation to choosing which apps for you to trust.
Joe
Hall, the primary technologist of the Centre for Democracy and Technological
innovation, expressed concern that companies are so needing to join the rush
for you to encrypting users’ messages that they can aren’t taking the steps
necessary to put together proper security. “In your rush to encrypt anything,
I’m hoping encryption doesn’t become simply a fad, resulting in inadequate
security engineering. It’s cloudy if that’s what’s going on here, but I suspect
we’ll see that eventually, ” Hall told TechCrunch.
Thus
far, Viber has made end-to-end encryption accessible in Brazil, Belarus, Israel
along with Thailand, but users are able to access the feature worldwide within
the next two weeks.
Techsourcenetwork