University News

UNH Researchers Discover Privacy Flaws in Popular Messaging Apps

Millions of people worldwide whose privacy is at risk due to flaws in the Viber and WhatsApp apps can thank the University of New Haven's Cyber Forensics Research & Education Group (UNHcFREG) at the Tagliatela College of Engineering for discovering the flaws and generating publicity that has led to fixes.

May 01, 2014


Abe Baggili
Abe Baggili

Last month, the UNH Cyber Forensics Research & Education Group showed that data sent using Viber and WhatsApp can be intercepted, making it possible for anyone to snoop on private communications.

Since then, the flaws have been widely reported internationally in some 20 languages in a variety of publications and on numerous websites. As recently as April 30 it was reported by CNET that Viber "has added encryption measures to its messaging app for Android and iOS so that network eavesdroppers no longer can see or tamper with unprotected images, video, and messages about a user's location."

"Viber and WhatsApp together have over 600 million users that may be affected by our discovery," says Abe Baggili, head of the UNHcFREG group and an assistant professor of computer science at the university. This work is about protecting people's privacy, which is big news given everything that is going on with Edward Snowden and the National Security Agency."

"Viber and WhatsApp together have over 600 million users that may be affected by our discovery "

Viber allows users to make free calls, send free texts and share pictures with anyone, anywhere. It also allows a Viber subscriber to send video and voice messages to other Viber users for free.

WhatsApp is similar in that it allows users to exchange messages using a variety of mobile phone platforms. WhatsApp users can create groups, send each other unlimited images, video and audio media messages without having to pay SMS, or text messaging, fees.


Discovering the Flaws

The UNH group first discovered the privacy flaws in WhatsApp through a network forensics research project. The discovery was made by Baggili along with UNH students Jason Moore, Mohammed Al Saif and Atefeh Masihzadeh – which is presented in the video seen below:

They reported that a vulnerability in WhatsApp makes it possible for an attacker to intercept shared locations of the app’s users by "calling out" to Google Maps. This means that an attacker can pinpoint a user and share the user’s location with other WhatsApp users. The UNH researchers demonstrated the flaw in a video that was posted on their website.

They followed this up with the announcement that they had found a similar, but more serious "open transmissions" flaw in Viber, which permanently stored all messages sent by its users on its servers which is also illustrated in the video below:

Find Out More or Join Their Cause

For more information about UNHcFREG’s activities and research, you can visit http://cyberforensics.newhaven.edu or http://www.unhcfreg.com

Recent News

Charger 360

Charger 360 - Season 4, Episode 15: Jess Scibek and Emilio Sanchez ’26 M.S.

Jess Scibek, director of campus recreation, discusses her journey to the University, her background in corporate fitness, and transitioning to a university setting, as well as her passion for helping people stay well and the benefits of the programs available through the David A. Beckerman Recreation Center. Emilio Sanchez ’26, a native of Mexico, a graduate student in sport management, and a graduate assistant with ChargerREC, shared his background living across the globe in China, Singapore, Spain, and the U.S. Jess talked about her family’s passion for New Haven apizza, and Emilio gave an inside look at his experiences in and out of the classroom, including an upcoming sales competition he’ll be part of. “The opportunities that are being offered at this University is something that I have never experienced,” said Emilio.