Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Experiments Chapter 3<br />
3 Experiments<br />
In this chapter different approaches are documented which were used to try and reveal any weaknesses<br />
in the application.<br />
3.1 Local Storage<br />
For a mobile communication application it is not only important to secure data which is send or<br />
received from your phone. But also what kind information gets stored and kept on it. Suppose your<br />
phone gets stolen or lost, what may other people retrieve or find on it? In this chapter will be looked<br />
in the files that <strong>Viber</strong> stores on your phone. What information can be gained from it? <strong>Viber</strong> not<br />
only uses a database but also uses some Extensible Markup Language (xml) files where it stores<br />
data in.<br />
3.1.1 Database<br />
<strong>Viber</strong> uses a database to store different kind of information. <strong>Viber</strong> makes use of a so called SQLite<br />
database for storing their data. The first thing that could be noticed was that everything was<br />
unencrypted and you could access the database fairly easily, once you have access on a phone of<br />
course. Since the implementation can differ between Operating System (os) we will look closer into<br />
Android and iOS and then end with a short conclusion about what can be found.<br />
iOS<br />
It was easy to locate and access the SQLite database on an iOS phone. You only need to jailbreak your<br />
phone. All data is stored into a single database. Only the important data that could be interesting<br />
or important for this project is mentioned. The following information is stored in plaintext inside<br />
the iOS database:<br />
• Your whole address-book (even non-<strong>Viber</strong> users)<br />
• Other address-book with <strong>Viber</strong> contacts (phone number and name)<br />
• All messages that have been send plus the current location<br />
• All calls made and received<br />
• A list with links to attachment (pictures)<br />
• Log file for missed and received calls<br />
• Your <strong>Viber</strong> user ID<br />
• A table which counts/summarise all above<br />
12