INGATE

From The Sip Trunking Experts

TMCNet:  University of New Haven researchers expose vulnerabilities in popular apps, draw worldwide attention [New Haven Register, Conn. :: ]

[April 30, 2014]

University of New Haven researchers expose vulnerabilities in popular apps, draw worldwide attention [New Haven Register, Conn. :: ]

(New Haven Register (CT) Via Acquire Media NewsEdge) May 01--WEST HAVEN -- A group of University of New Haven computer security researchers has drawn global attention over the past two weeks by revealing security vulnerabilities in two popular messaging apps that together have more than 600 million users worldwide.


First the University of New Haven Cyber Forensics Research & Education Group, led by assistant professor Ibrahim "Abe" Baggili, rocked the cyber world by revealing a vulnerability in the popular What'sApp messaging software.

Then, just a few days later, the UNH group revealed multiple vulnerabilities in the popular Viber chat app, a competitor to WhatsApp, demonstrating that not only is information uploaded via the app not encrypted when sent to Viber's servers, but it is stored on those servers in that unencrypted state as well.

The bugs allow data sent using the apps, which both are heavily used overseas, to be easily intercepted, making it possible for anyone who knows what to do to eavesdrop on users' private communications, Baggili said Wednesday.

"This is what we call 'white hat' hacking, like hacking for the good," said Baggili, a native of Jordan who grew up in the United Arab Emirates before earning his doctorate at Purdue University, and who oversees an equally diverse team.

"What we did was, we notified the company and then we released it to the public." In the initial case, Whats­App responded quickly to what the group found, said Baggili, who arrived at UNH six months ago from Zayed University in Abu Dabi, where he was director of that university's Advanced Cyber Forensics Research Laboratory.

"Viber never responded to us directly, but they responded directly to CNET" after the influential tech website wrote about the vulnerabilities, said Baggili, who lives in New Haven.

"Not only are things being sent in an unencrypted way ... but they're also being stored in an unencrypted format ..." he said. "It means that the data that's going through the service provider is completely unencrypted ... that data can be intercepted and it could be harmful ...

"This is a big one," he said of the latest discovery. "This one just went worldwide." Viber told CNET the problem should be fixed soon.

"This issue has already been resolved," the company said in a statement CNET reported last week. "It is currently in QA [quality assurance testing], and the fix will be released for Android and submitted to Apple on Monday. As of today we aren't aware of a single user who has been affected by this." On Wednesday, CNET reported that the Android version of Viber no longer sends images and videos without encryption protection, and the company says an Apple fix has been submitted.

YouTube videos on the WhatsApp and Viber findings each have gone viral, garnering more than 36,000 and more than 19,000 hits, respectively, as of Wednesday evening.

Viber lets users make free calls, send free texts and share photos. It also lets Viber users send video and voice messages to other users for free.

WhatsApp is similar, letting users exchange messages using various mobile phone platforms. WhatsApp users can create groups and send other members unlimited images, video and audio messages without having to pay SMS, or text messaging, fees.

The UNH researchers found, however, that when users shared their location with WhatsApp -- recently acquired by Facebook in a deal said to be worth $19 billion -- the WhatsApp software "called out" to Google Maps without using secure channels.

Baggili and his team, which also includes UNH students Jason Moore of Branford, Mohammed Al Saif, originally of Saudi Arabia, and Atefeh Masihzadeh, who is originally from Iran, were working on a network forensics project when they uncovered the WhatsApp vulnerability, he said.

They are among about eight students who work with the research group, said Baggili.

"This is the place to study cyber-forensics and cyber­security," he said.

Moore, who is Baggili's research assistant -- and was involved in both discoveries -- said, "I just think the public should know what they're using and just be aware that the stuff that they put up on the Internet can be forever, if it's not cared for properly." By cared for, he means encrypted, he said.

Moore, a University of Connecticut graduate and former Electric Boat worker, said he was not entirely shocked at the broad response to the revelations.

"Security's big right now, so it was not really surprising," he said, although "it was a little bigger than I thought." For more information about UNHcFREG's activities and research, visit http://cyberforensics.newhaven.edu or http://www.unhcfreg.com.

Call Mark Zaretsky at 203-789-5722. Have questions, feedback or ideas about our news coverage? Connect directly with the editors of the New Haven Register at AskTheRegister.com.

___ (c)2014 the New Haven Register (New Haven, Conn.) Visit the New Haven Register (New Haven, Conn.) at www.nhregister.com Distributed by MCT Information Services

[ Back To SIP Trunking Home's Homepage ]

Loading
Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner


Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.