Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 Android In Android Viber has multiple xml files which all contain little information, in those xml files the following can be found: • Viber account version number • A ‘dm_registration’ key number (used for the android market) • Your ‘device key’ (hash) • Last registered number (your own number) • Your Viber User ID (hash) • A ‘Sync hash’ • Last message token ID • Last mist call log • Your activation code (the one you get through SMS) 3.1.3 Conclusion of Viber’s data stored Is seems that everything you do with Viber gets stored inside a database. Viber makes use of the SQLite database with some xml files for different kind of data. Both Android and iOS need to be rooted and jailbreaked to gain access to them. All Viber databases and files are stored unencrypted or could be said in normal plaintext. The data in the xml files is used for the configuration of the application. The data inside the database look like log files and only stores messages plus your address-book. Photos called attachments in the database are saved in a separated directory. But there can be concluded that your Viber data is easily accessible on your phone both on Android and iOS. Database The databases contain on both os’s all Viber contacts but on iOS also your normal address-book can be found. All messages send and received are stored with tables for your location (if that function is on). Both databases have a list of calls received and made. It’s also interesting that on Android every message has his own token and sequence numbers attached to it while iOS only stores the sequence numbers. Both databases contain a table with summaries on how many message are send and calls are made. The iOS database also looks better organised than the one on Android. Android has two more databases than iOS. Maybe they ‘viber_hashes’ database which also can be found in Android was used in a previous version of Viber. Below you can compare how the messages are stored in both databases: You can see Android uses the token value while iOS doesn’t. Android further in the table also has a sequence value which is being filled. But iOS on the other hand only has a sequence value filled 14
Experiments Chapter 3 (a) Android Database (b) iOS Database in, the token value stays zero. The tables in iOS link more to other tables as you can see this one contains lesser data/information then the one on Android. XML Files How though the databases contain some relevant information the most interesting data can be found inside the xml files. Those files contain configuration options. On iOS it isn’t really clear what some values are especially for the hashes stored it is unclear. Android however has clear attribute names saying what the value contains. See an example between iOS and android below: Android: 1 < string name =" reg_viber_phone_num ">063834 xxxx 2 < string name =" viber_udid ">3 dd7ba273122f746c1bd37c4cc8180d57b4261d5 3 < string name =" pref_list_id ">’421 ’,’367 ’,’1204 ’,’212 ’,’1841 ’,’1841 ’,’244 ’,’76 ’,’29 ’, ’1685 ’,’33 ’ 4 < boolean name =" pref_started_before " value =" true " /> 5 < boolean name =" do_full_sync " value =" true " /> 6 < boolean name =" pref_clear_prefs " value =" false " /> 7 8 < string name =" reg_viber_country_code ">31 9 < string name =" reg_viber_local_country_code ">0 10 < string name =" registered_viber_phone_num ">+31063834 xxxx 15
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 15: Experiments Chapter 3 Android On An
Page 19 and 20: Experiments Chapter 3 3.2 Reverse E
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23 and 24: Experiments Chapter 3 Signaling Mes
Page 25 and 26: Experiments Chapter 3 Time Source i
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29 and 30: Experiments Chapter 3 1 public Stri
Page 31 and 32: Experiments Chapter 3 It does nothi
Page 33 and 34: Experiments Chapter 3 1 private Con
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?