Millions of people worldwide whose privacy is at risk due to flaws in the Viber and WhatsApp apps can thank the University of New Haven's Cyber Forensics Research & Education Group (UNHcFREG) at the Tagliatela College of Engineering for discovering the flaws and generating publicity that has led to fixes.
Viber allows users to make free calls, send free texts and share pictures with anyone, anywhere. It also allows a Viber subscriber to send video and voice messages to other Viber users for free.
WhatsApp is similar in that it allows users to exchange messages using a variety of mobile phone platforms. WhatsApp users can create groups, send each other unlimited images, video and audio media messages without having to pay SMS, or text messaging, fees.
Discovering the Flaws
The UNH group first discovered the privacy flaws in WhatsApp through a network forensics research project. The discovery was made by Baggili along with UNH students Jason Moore, Mohammed Al Saif and Atefeh Masihzadeh – which is presented in the video seen below:
They reported that a vulnerability in WhatsApp makes it possible for an attacker to intercept shared locations of the app’s users by "calling out" to Google Maps. This means that an attacker can pinpoint a user and share the user’s location with other WhatsApp users. The UNH researchers demonstrated the flaw in a video that was posted on their website.
They followed this up with the announcement that they had found a similar, but more serious "open transmissions" flaw in Viber, which permanently stored all messages sent by its users on its servers which is also illustrated in the video below: