Viber Communication Security - Bad Request
Preliminary Research Chapter 2
3. End-to-end user authentication should be provided at terminal devices; and
4. Both clients and servers should be protected against Denial of Service type of attacks.
The list could be continued with many other detailed requirements but the above list
provides sufficient requirements for the analysis of security constraints in the next section.
2.1.3 WhatsApp
WhatsApp is one of the most widely used communication applications for mobile messaging. WhatsApp
has had some pretty bad security issues. A review from around May 2011 reported the following.[9]
Messages were sent unencrypted over the network, and anyone who wanted to could read them. If
you think that is all, you are wrong: besides this, it was possible to hijack other users' accounts and
receive their messages or send messages as them.
With the latest WhatsApp version, when sending messages you are still able to see the following: “(1)
the number the message is going to, and (2) the contact name is still sent in plaintext”.[10] It should
also still be possible to steal other people's accounts through SMS spoofing; Ricky Gevers gives a
detailed explanation.[11] How exactly the messages are encrypted is unclear in their policy:
WhatsApp uses commercially reasonable physical, managerial, and technical safeguards
to preserve the integrity and security of your personal information. We cannot, however,
ensure or warrant the security of any information you transmit to WhatsApp and you do
so at your own risk.[12]
If you read their policy, you can notice that they are a little scared of reverse engineering. Here is a short
sentence from their policy:
We do disallow any efforts to reverse-engineer our system, our protocols, or explore
outside the boundaries of the normal requests made by WhatsApp clients.[12]
This last sentence does sound a bit inviting to hackers and the like. Even after some security breaches,
it is still possible to see in plaintext who calls or sends messages to whom. The content, however, is
‘secure’. But you are still able to count the amount of data flowing between mobile numbers/persons.
What is the reason for not encrypting everything?
2.1.4 eBuddy XMS
eBuddy is a well-known communication service that integrates different instant messaging (IM) services
in a web browser. For mobile phones they launched their own service called eBuddy XMS. eBuddy
XMS is a relatively new application on the market for mobile messaging. It has a built-in function
to enable and disable encryption. This is because encrypting takes more time to deliver and receive