Pages

Saturday, April 23, 2016

Viber defends new end-to-end encryption standard protocol against criticism

Messaging app Viber rolled out a end-to-end encryption update recently, following in the actions of its competitor, WhatsApp, and allowing users to hold their calls and mail messages private. But researchers are wondering whether Viber’s messages are actually as secure as the corporation claims.

In a short article announcing the change, Viber COO Michael Shmilov says that this new feature will shield messages sent by Viber’s 800 million users from staying accessed by anyone in addition to the people in the chat - such as company itself. “We have been working on this for years and are proud that our users can confidently use Viber without nervous about their messages being intercepted - unique in a one-to-one as well as group message, on a new call, on desktop, portable or tablet, ” Shmilov is currently writing.

But unlike WhatsApp, Viber has yet to publish details about how their encryption is implemented. (Developers of encryption devices commonly publish documentation just for them to be audited for vulnerabilities by simply other researchers. ) WhatsApp caused the developers of risk-free messaging app Signal along with published a security whitepaper detail how users’ messages can be encrypted.

Viber has thus far declined to publish specifics precisely it is encrypting users’ mail messages, which has left technologists to take a position about the methods Viber can be using. Frederic Jacobs, a security researcher who previously handled Signal and is currently students at the EPFL, pointed out that Viber may be utilising an MD5 algorithm, widely thought to be cryptographically insecure.

However, a new Viber spokesperson told TechCrunch, “MD5 is just not being used. ”

“Viber will never grant backdoor access underneath any circumstance and in any country. We agree while using stance both Apple and WhatsApp took. Viber can access documents that show only that particular phone number has contacted another number. However we cannot access this article of messages or mobile phone conversations, ” the spokesperson included.

Shmilov told TechCrunch yesterday that Viber ended up working on end-to-end encryption for many years, and that users would be able to authenticate their contacts ahead of exchanging messages. A spokesperson clarified right now that Viber has executed several internal audits for the encryption protocol it can be using, and said that external audits are out soon.

“Our encryption protocol was determined by an open source standard protocol concept, with an extra a higher level security developed in-house, ” your spokesperson explained.

Online messages are simply as secure as the encryption employed to protect them, and it is usually difficult to build rely upon a product if their maker isn’t transparent with regards to security. Without proper stability documentation, users are left in the dark in relation to choosing which apps for you to trust.

Joe Hall, the primary technologist of the Centre for Democracy and Technological innovation, expressed concern that companies are so needing to join the rush for you to encrypting users’ messages that they can aren’t taking the steps necessary to put together proper security. “In your rush to encrypt anything, I’m hoping encryption doesn’t become simply a fad, resulting in inadequate security engineering. It’s cloudy if that’s what’s going on here, but I suspect we’ll see that eventually, ” Hall told TechCrunch.

Thus far, Viber has made end-to-end encryption accessible in Brazil, Belarus, Israel along with Thailand, but users are able to access the feature worldwide within the next two weeks.

Techsourcenetwork