Detective agency / Articles / Detective agency “Expert” has conducted a study of the security of using the software ” Viber”

Detective agency “Expert” has conducted a study of the security of using the software ” Viber”

Detective agency “Expert” has conducted a study of the security of using the software ” Viber”

Detective agency “Expert” has conducted a study of the security of using the software ” Viber”

“Is it possible the registration of the account in “Viber” in the automated system (stationary personal computer, laptop or smartphone ) in the case of obtaining short-term access to the SIM card that corresponds to the number of the corresponding operator without the owner’s knowledge of SIM cards, as well as further long-term use of this account for use FOR “Viber” in this automated system without access to this SIM card?”

For starting the operation of the account IN the “App” on a smartphone is sufficient to perform the authentication procedure. To do this, after installing the software “Viber”, the user enters the mobile phone number. After that serevr FOR “Viber” is SMS message with an activation code to that phone number. The user who got access to that code (SIM card assigned to a phone number located in mobile, where it is used FOR “Viber”, or in another phone, the main thing that the user “Viber” get code) introduces him to “Viber”. After this operation the user is autecology in “Viber”. This phone number will be displayed as the user number FOR “Viber”.

The user will be able to use your account AT “Viber” as long as the other person does not use this is the phone number for your account AT “Viber”.

Thus, prolonged use of the account FOR “Viber” without constant access to a SIM card which fixed the number of the relevant operator it is possible, in the case of obtaining short-term access the SIM card without the knowledge of owner of SIM card. further long-term use of this account for use FOR “Viber” in this automated system without access to this SIM card.

“For a time (short-term, long-term) may account FOR “Viber” for use ON “Viber”, which is installed on an automated system without access to the SIM card and phone number and without the knowledge of the owner of such SIM card with the corresponding number?”

Such use is possible as long as the other person does not use this is the number of the relevant operator, to register your account IN “Viber”. While the above person must have access to a SIM card which fixed the number of the relevant operator or an automated system where you installed this SIM card to receive SMS with the activation code of the account in “Viber”.

If another person (including the owner of the SIM card) does not activate the account FOR “Viber” using the same number of the relevant operator, long-term use account VIA “Viber” for use ON “Viber”, which is installed on an automated system without access to the SIM card and phone number and without the knowledge of the owner of such SIM card with the corresponding number, perhaps.

“Provided BY “VoIP”, information about the use of “Call” by sending SMS directly to the SIM card number of the corresponding operator?”

“Get” sends an SMS message to the number of the account owner only to check whether the person who entered the corresponding number of the mobile phone is indeed its owner. That is, after the account FOR “Viber” is activated in the automated system, the following SMS-message from “Viber” on the number of the corresponding operator, which was used to register the account IN “Viber” will come only when you try to activate using this number account FOR “Viber” to another automated system.

Therefore, while not trying to install “Viber” on another automated system on the number of the relevant operator fails to do SMS messages use this room to work ON “Viber”.

“Possible intervention of unauthorized person in the job (contents of saved messages) BY Viber on your smartphone or intervention in the operation of the service (server, database) ON Viber?”

For this there is no information about the examination of technical protection of information, assessment to protect the integrity and availability of information by the relevant state authorities of Ukraine. Also, “Viber” is not a software product open source, making it impossible to conduct an independent audit to protect the integrity and availability of information.

Thus, the potential exists that third parties can illegally influence the content of posts ON “Viber” in the smartphone, in particular when physical access to it, and on the work of servers, ensuring operation AT the “Viber”

Detective agency “Expert” has conducted a study of the security of using the software ” Viber”

The study used the following information sources:
  1. Getting started: install Viber https://support.viber.com/customer/ru/portal/articles/1340165-%D0%9D%D0%B0%D1%87%D0%B0%D0%BB%D0%BE-%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D1%8B-%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-viber
  2. Change phone number https://support.viber.com/customer/ru/portal/articles/2753274-%D0%A1%D0%BC%D0%B5%D0%BD%D0%B0-%D0%BD%D0%BE%D0%BC%D0%B5%D1%80%D0%B0-%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD%D0%B0#change-phone-number-on-the-same-device
  3. The list of means of technical protection of information, allowed to provide technical protection of state information resources and information, the requirement concerning which protection is established by law – http://www.dsszzi.gov.ua/dsszzi/control/uk/publish/article?art_id=234237&cat_id=39181
  4. The law of Ukraine “On scientific and scientific technical expertise”;
  5. The law of Ukraine “On protection of information in telecommunication systems”;
  6. The rules of protection of information in information, telecommunication and information-telecommunication systems approved by the resolution of the Cabinet of Ministers of Ukraine dated 29.03.06 № 373;
  7. The Statute about state expertise in the sphere of technical protection of information, approved by order of administration of State service of special communication and information protection of Ukraine 16.05.2007 № 93, registered in Ministry of justice of Ukraine 16.07.2007 № 820/14087″.
  8. ND TPI 2.5-004-99 evaluation Criteria of information protection in computer systems from unauthorized access.
  9. ND TPI 1.1-004-99. General provisions for the protection of information in computer systems from unauthorized access.
  10. ND TPI 1.1-003-99 Terminology in the field of protection of information in computer systems from unauthorized access.

Detective agency “Expert” has conducted a study of the security of using the software ” Viber” call or email us for advice

CONCLUSIONS:
  1. It is possible to use an account FOR “Viber” without constant access to a SIM card which fixed the number of the relevant operator, in the case of obtaining short-term access the SIM card without the owner’s knowledge of SIM cards, as well as further use of this account for use FOR “Viber” in this automated system without access to this SIM card.
  2. Perhaps long-term using an account ON “Viber” for use ON “Viber”, which is installed on an automated system without access to the SIM card and phone number and without the knowledge of the owner of such SIM card with the corresponding number.
  3. While not trying to install “Viber” on another automated system using the number of the corresponding operator on this number you will receive SMS messages about the use of this number in the “Viber”.
  4. The potential exists that third parties can illegally influence the content of posts ON “Viber” in the smartphone, in particular when physical access to it, and on the work of servers, allowing operation of “Viber”.
Detective agency “Expert” has conducted a study of the security of using the software ” Viber” – 05.17.2018
Articles
admin
No comments

Leave a comment