Viber Goes the Encryption Route
Apr 21, 2016 11:11 AM PT
Viber on Tuesday announced that it has begun rolling out end-to-end encryption across all devices for the 711 million users of its messaging app.
Users have to download Viber version 6.0 or higher.
The app offers stronger security in every voice or video call, message, video and photo, in both group and one-on-one messages, the company said.
In addition, Viber launched Hidden Chats, a feature that lets users hide specific chats from the main screen so only they know those chats exist. Hidden Chats can be accessed only by using a four-digit PIN.
All users will be protected by encryption automatically once they download the latest Viber app. Those using Viber on an iPad, Android tablet or desktop will be prompted to reconnect that device to their smartphone using a QR code.
A color-coded padlock icon on the right-hand side of the device's screen will indicate the level of security applied.
The icon will be gray during end-to-end encrypted conversations. Tapping on the icon will display a tooltip informing users that the messages being sent are encrypted.
Users can authenticate contacts manually by selecting them as trusted contacts. A green padlock icon indicates that the selected contact's authentication key will be monitored for future changes, so users can be sure they're communicating with the right person at all times. Tapping on the green icon displays a tooltip informing users that messages being exchanged are encrypted and the contact is verified.
The icon will turn red if there's a problem with the authentication key of a trusted user. That could indicate that the user has changed the primary phone or that a man-in-the-middle attack has been launched.
Tapping on the red icon will display a tooltip noting that Viber cannot verify the other party's number. To resolve the issue, the user needs to be reauthenticated as trusted.
Users can hide a conversation by tapping on the information screen for that chat. They then will be asked for a four-digit PIN. Users of iOS devices will be given the option of providing a fingerprint instead.
Users will be notified of a message in a hidden conversation, but what the message is or whom it's from won't appear on the device screen.
The feature is unidirectional -- if one user hides the conversation, no changes will be made on the other party's end.
"People are becoming increasingly wary about having their conversations monitored," noted Craig Kensek, security expert at Lastline, and "Viber seems to be trying to take advantage of a market opportunity."
A four-digit PIN "seems to be pretty weak, particularly if they mean four digits and not four characters," he told TechNewsWorld.
Following WhatsApp's Lead
Viber is following the lead of WhatsApp, which earlier this month announced it was introducing end-to-end encryption for all communications over its app.
"Viber was one of the apps having no special functions for private encrypted chats," remarked Andrew Komarov, chief intelligence officer at InfoArmor.
"WhatsApp has turned on encryption for all their clients, and that's why other famous mobile apps are paying attention to encryption," he told TechNewsWorld. "Also, they want to remain competitive, as privacy is a serious concern to many users."
The Battle for Privacy
A 2014 U.S. Supreme Court ruling held that police can't search a suspect's cellphone during an arrest without a warrant.
However, the National Security Agency reportedly has been sharing data from its surveillance activities with the FBI, the Drug Enforcement Administration and the IRS, in effect enabling warrantless searches.
Despite the weaknesses in its approach, Viber's move "will offer purchasers another layer of privacy," Kensek said.
Other companies likely will follow suit, he added. "The percentage of people drinking the 'I must encrypt for all my communications' Kool-Aid is tough to forecast but easy to market off of."