Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 3 Experiments In this chapter different approaches are documented which were used to try and reveal any weaknesses in the application. 3.1 Local Storage For a mobile communication application it is not only important to secure data which is send or received from your phone. But also what kind information gets stored and kept on it. Suppose your phone gets stolen or lost, what may other people retrieve or find on it? In this chapter will be looked in the files that Viber stores on your phone. What information can be gained from it? Viber not only uses a database but also uses some Extensible Markup Language (xml) files where it stores data in. 3.1.1 Database Viber uses a database to store different kind of information. Viber makes use of a so called SQLite database for storing their data. The first thing that could be noticed was that everything was unencrypted and you could access the database fairly easily, once you have access on a phone of course. Since the implementation can differ between Operating System (os) we will look closer into Android and iOS and then end with a short conclusion about what can be found. iOS It was easy to locate and access the SQLite database on an iOS phone. You only need to jailbreak your phone. All data is stored into a single database. Only the important data that could be interesting or important for this project is mentioned. The following information is stored in plaintext inside the iOS database: • Your whole address-book (even non-Viber users) • Other address-book with Viber contacts (phone number and name) • All messages that have been send plus the current location • All calls made and received • A list with links to attachment (pictures) • Log file for missed and received calls • Your Viber user ID • A table which counts/summarise all above 12
Experiments Chapter 3 Android On Android it’s almost the same to gain access to the files since your Android device also needs to be rooted to get to them. But once you have done this you can get to the files, it was also quite easy to locate them. Android has three SQLite databases stored one is called ‘viber_hashes’ which sounded promising but unfortunately was empty. The other two did contain information one more than the other. It contained globally the following information: • Contains call log information (who called you and did you call) • Address book of Viber contacts (phone number and name) • All messages send/received with location information and if data (pictures) linked to it • Every message has its own token • A table which counts message per user contact • A table which counts/summarises all above 3.1.2 Files Viber not only stores data into database but also has some xml files. It also stores the pictures send and received in a different location on your phone, which are of course possible to get without rooting your phone. iOS Viber has only one xml file on iOS, this file is called ‘settings’ and contains the following information: • Your own phone number • Count of your Viber contacts • If you are registered or not • Messages received and send count • Version that is being used • Some hashes (You can guess that it’s the same as on android) 13
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 11 and 12: Preliminary Research Chapter 2 2.1.
Page 13: Preliminary Research Chapter 2 2.2.
Page 17 and 18: Experiments Chapter 3 (a) Android D
Page 19 and 20: Experiments Chapter 3 3.2 Reverse E
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23 and 24: Experiments Chapter 3 Signaling Mes
Page 25 and 26: Experiments Chapter 3 Time Source i
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29 and 30: Experiments Chapter 3 1 public Stri
Page 31 and 32: Experiments Chapter 3 It does nothi
Page 33 and 34: Experiments Chapter 3 1 private Con
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?