
Viber adds end-to-end encryption - subliminalpanda
http://techcrunch.com/2016/04/19/viber-adds-end-to-end-encryption-hidden-chats-universal-delete-as-messaging-app-privacy-grows/?ncid=rss
======
DonHopkins
What really impresses me about Viber is the way they went all out and splurged
with an honest to god penultimate "e" before the final "r". Most dot-com
companies would have settled for "Vibr", but they went the distance and bought
an authentic luxurious vowel, precisely where it was called for, without going
overboard and throwing in a sometimes-vowel "y" in place of the "i". Very bold
and straightforward spelling, I must say. Color me impressed!

~~~
dkopi
Viber is an Israeli company, don't be so judgmental of their poor startup
spelling skills.

~~~
DonHopkins
No, you misunderstand: I am truly and earnestly impressed by their good
spelling, not criticizing any bad grammar. If they'd named it "Vybr," it would
have come off like Steve Buscemie holding a skateboard over his shoulder
wearing a MUSIC BAND t-shirt, desperately trying to appeal to the youth
demographic.

~~~
dkopi
Read that one again with </sarcasm> at the end :)

------
nxzero
End-to-end (E2E) code needs to be open source and venders that don't agree to
an audit should be considered insecure; holds true for What's App, which
declined to allow their E2E code to be audited.

Also, message metadata is still being leaked by all of these E2E
implementations and needs to be fixed.

~~~
mtgx
Would open sourcing the Whatsapp client hurt Whatsapp in any significant way?

I mean, sure, there could be "Whatsapp clones" (aren't there already?!), but
wouldn't Whatsapp still benefit from the phone number user base it has, thus
maintaining a certain lock-in on its users from which it already benefits?

~~~
andrey_utkin
> I mean, sure, there could be "Whatsapp clones" (aren't there already?!)

Sounds funny if you consider that Whatsapp itself is just a branded deployment
of FOSS XMPP server Ejabberd, with feature of federation taken away. Plus a
client app implementation, of course.

~~~
jeena
That is only possible because Ejabberd doesn't use the AGPL license.

~~~
goodplay
Come on, it would definitely still be possible with AGPL code. What brought
people to whatsapp is its ubiquity and the fact that it just works, and what
keeps them from going elsewhere is the inevitable network effect.

Nothing in the AGPL prevents either from occurring.

~~~
onli
I think you are misunderstanding jeena. If ejabberd were AGPL, then a fork/a
instance of it like Whatsapp would be legally obliged to open up their code as
well.

No idea whether the assumption is true that Whatsapp is just a branded
deployment.

~~~
goodplay
I still don't understand how opening up the codebase would prevent them from
being successful.

As the countless messaging apps out there demonstrate, the value of
communication apps lies in the network they build. If they provide a decent
UX, and successfully bootstrap a network large enough, it wont matter if their
code is open.

~~~
onli
I don't think that was an argument against that. At least I agree. The
situation is only possible because the AGPL is not used for the free
component, but Whatsapp should have no problem opening up their code.

------
ikeboy
>The enhanced delete feature, meanwhile, has been in the app for a while, but
is part of the company’s is a way for users to wipe a conversation not just on
their end, but on that of the recipient’s phone. You can think of this as
Viber’s answer to ephemeral messaging, but with a more manual approach.

Does anyone else think this is a violation of users' rights? If I've been sent
a message, it shouldn't be possible for the server to delete it. I could
screenshot everything, or run a tweak that saves everything.

Imagine if Gmail started allowing senders to remove email they've already sent
and has been delivered.

~~~
dchest
Imagine you're on the run from mafia and communicating with your parents via a
messenger. You sent your current location and after a few hours mafia people
approached your parents and took their phone. Now, if you sent an message that
deletes itself, you're sure that unless your parents didn't preserve it
intentionally by copying and pasting or taking screenshot, this location isn't
revealed to mafia. If your messenger didn't have this feature, your parents
would have manually delete the sensitive message — what if they forgot?

This feature is quite useful, even if not 100% proof.

~~~
ikeboy
As I said below, if every request had to go through customer service, I might
be okay with it.

And doesn't the same logic apply to Gmail? Do you think they should do the
same?

------
secfirstmd
I highly recommend following the updates from Frederic Jacobs on his Twitter.
He has already found a number of significant flaws with Viber encryption...

"Wow, Viber disables crypto based on geo-location? Export controls related?"
[https://twitter.com/FredericJacobs/status/722511416381480961](https://twitter.com/FredericJacobs/status/722511416381480961)

"Viber’s encryption appears to be a custom C++ implementation. Super
reassuring they use MD5 for attachments." pic.twitter.com/wi6lB30KjY

[https://twitter.com/FredericJacobs/status/722489499779858432](https://twitter.com/FredericJacobs/status/722489499779858432)

------
tptacek
It sounds like there's not yet any published details on what the crypto
Viber's using is. Can we withhold judgement until we get that? I'm fine with
closed-source, but not with no technical documentation.

Most people who try to implement cryptographically secure messaging get it
badly wrong.

~~~
morgante
We absolutely _do_ need to get some documentation to judge whether Viber has
good crypto.

That being said, we can still judge them positively for at least trying to
secure their user's messages end-to-end.

------
pttrsmrt
More great news from the world of communication, but yet again I'm wondering
how we can trust the encryption to really be end-to-end without access to the
code. Are the messages still traveling through Vibers servers? Is there any
way to know?

~~~
dkopi
"I'm wondering how we can trust the encryption" You can't. Not unless the
company employees security experts, has a significant bug bounty program (with
significant rewards), is open to a degree about their securit architecture,
and is popular enough for white hats to actively seek out bugs.

This isn't about trusting that the company isn't try to dupe you. It's about
trusting that the company can implement security properly, and that enough
"good" people will find security flaws before the "bad" guys do.

~~~
ZenoArrow
You're both saying the same thing.

As for the good people vs. bad people argument, it should be noted that the
good people have a harder job than the bad people. For the bad people to do
their job, they only have to find one exploit, whereas the good people have to
find most/all of them to have made the system secure. That's why employing
people to work on security matters (whether through a bug bounty program or
through direct employment), a company that values security shouldn't rely on
unpaid volunteers alone.

------
Inthenameofmine
Viber has become a shadow of its former self. It regularly crashes all phones
in my family, you get message notifications way too late, and it takes up a
ton of storage on your phone.

------
karon
I wouldn't touch Viber with a ten foot pole, even if their entire crypto
implementation was open source (which it is not). The company was founded by
an ex-military (some sources say ex-Mossad) dude. He is also connected to
several spyware applications.

“Talmon served for four years in the Israel Defense Forces and held the
position of CIO of the central command. He graduated Cum Laude from the Tel-
Aviv University with a degree in Computer Science and Management.”

More here:
[https://viberphoneapp.wordpress.com/](https://viberphoneapp.wordpress.com/)

[http://www.moh10ly.com/home/security/viberisaspy](http://www.moh10ly.com/home/security/viberisaspy)

[http://www.jpost.com/Business/Business-Features/Japans-
Rakut...](http://www.jpost.com/Business/Business-Features/Japans-Rakuten-
acquires-Israeli-tech-company-Viber-for-900-million-341447)

[https://www.theguardian.com/technology/2013/aug/30/viber-
fou...](https://www.theguardian.com/technology/2013/aug/30/viber-founder-
talmon-marco-privacy)

------
giancarlostoro
I always enjoyed using Viber, but I never liked that it featured no
encryption. It is an alternative for Skype for me, I could video call from my
phone, laptop, tablet, etc and do audio calls. Skype became insecure, it leaks
your IP address and it's got terrible synchronization issues, and now chatting
is really buggy, messages show up in the wrong place for me, as well as the
Linux client for it sucks. Viber has a good all around client for every OS
I've used it in (including Linux).

This is fantastic news, as others have said, maybe they should really open
source the portions of code that have to deal with E2E encryption so it may be
audited.

~~~
skrowl
Skype stopped leaking your IP address earlier this year. It existed before
that, but is now the default behavior. [http://blogs.skype.com/2016/01/21/to-
our-gamers-ip-will-now-...](http://blogs.skype.com/2016/01/21/to-our-gamers-
ip-will-now-be-hidden-by-default-in-latest-update/)

~~~
giancarlostoro
It says "by default" implying it could still be leaked, their "fix" is a Skype
setting that masks your IP until you're in a call with somebody.

------
carlob
So basically now Telegram is the only app not doing it by default?

~~~
fabrice_d
Add skype and hangouts to your list...

~~~
isilauzelis
And Facebook Messenger.

------
dkopi
"Along with the encryption, there are some other privacy features getting
added into the latest version of the app. Hidden chats will give users the
ability to essentially “hide” certain conversations from their usage log,
accessible only if you know a specified four-digit PIN"

Can anyone with Viber describe what happens when you get a new message from a
hidden chat partner? Does a notification show? how does that notification
look?

------
manishsharan
I was forced to uninstall Viber on account of the SPAM I was getting. I have
been trying to figure out how the spammers got my viber contact information.

------
cpach
Frederic Jacobs, one of the Signal authors: ”Viber’s encryption appears to be
a custom C++ implementation. Super reassuring they use MD5 for attachments.”
[https://twitter.com/FredericJacobs/status/722489499779858432](https://twitter.com/FredericJacobs/status/722489499779858432)

------
ecesena
Can't we just call it TLS? Every time I read "end-to-end encryption" I'm
afraid they just invented some weird security mechanism. Plus it's 3 chars.

~~~
dchest
It's not TLS.

~~~
ecesena
Ugh. Should we be scared then?

~~~
CiPHPerCoder
TLS is Transport Layer Security.

When we're talking about End-to-End Encryption, we usually mean:

    
    
        * Application Layer Security (between users)
        * Transport Layer Security (between each user and the server)
    

And here, Security _should_ mean public key authenticated encryption (e.g.
crypto_box() from NaCl)

------
wodenokoto
Get news to see other services following in the footsteps of WhatsApp!

~~~
skrowl
Telegram had e2e private chats for over a year before WhatsApp added e2e

~~~
exo762
Does bad crypto counts? I don't think so.

~~~
goodplay
I keep seeing this accusation get flung around whenever someone mentions
telegram but never proof. I remember telegram had a vulnerability once and
then it was patched just like any other security software.

You shouldn't throw around accusations without proof.

~~~
CiPHPerCoder
Here's your proof: [http://cs.au.dk/~jakjak/master-
thesis.pdf](http://cs.au.dk/~jakjak/master-thesis.pdf)

See also:

[http://www.cryptofails.com/post/70546720222/telegrams-
crypta...](http://www.cryptofails.com/post/70546720222/telegrams-
cryptanalysis-contest)

[https://moxie.org/blog/telegram-crypto-
challenge/](https://moxie.org/blog/telegram-crypto-challenge/)

~~~
goodplay
Is it cryptographicly broken or not? Can I read the plain text of the traffic
I capture?

~~~
CiPHPerCoder
[https://tonyarcieri.com/all-the-crypto-code-youve-ever-
writt...](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-
probably-broken)

The word "broken" means susceptible to practical attack, and attacks aren't
always of the "cryptanalyze the ciphertext and read the plaintext because
you're a clever mathematician" variety.

For example: Padding Oracle Attacks. This is the most accessible explanation
on-hand:
[https://twitter.com/SoatokDhole/status/720435675401744385](https://twitter.com/SoatokDhole/status/720435675401744385)

A padding oracle attack lets you decrypt a message by studying how the
cryptosystem responds to garbage input. Without recovering the key.

iMessage had a compression oracle attack recently:
[http://blog.cryptographyengineering.com/2016/03/attack-of-
we...](http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-
imessage.html)

They didn't merely "read the plain text of the traffic [they] capture[d]". But
these systems were still, quite badly, broken.

So what's my point? Telegram's protocol is susceptible to the same class of
active attack. Thus, it is broken.

~~~
ianmiers
To add, Telegram's crypto is completely and totally off the walls crazy in
terms of design. Add to that the fact that there are cryptographic breaks
(though not we can read your ciphertext breaks), and you should be careful.

iMessage would have been reasonably secure had they used AEC-GCM or a MAC. The
design at least made sense: compose a scheme out of known primitives. They
just missed (very important) details. Telegram is just turtles all the way
down.

------
agsimeonov
I am honestly surprised that they hadn't done so earlier.

------
toonies555
so crypto was on their roadmap but gifs weren't

------
sickbeard
In other news, the FBI now offers end-to-end encryption

------
dingo_bat
So will EFF now endorse Viber as strongly as they endorsed Whatsapp?

~~~
Johnny_Brahms
not with that little info from Viber. According to Frederic Jacobs (one of the
OpenWhisperSystems devs) they are relying on md5 for cryptographic hashing :(

