Viber has been hacked by the Syrian Electronic Army

ViberViber – the popular VOIP messaging app beloved by iPhone and Android users -hasn’t acknowledged the problem yet, but it has a major security problem going on right under its nose.

The notorious Syrian Electronic Army has claimed credit for an attack against the free phonecall and texting app’s website, which has resulted in Viber’s Support and Knowledgebase website being commandeered by the hacking group, and private data about users published on the web.

The news of the Viber hack comes only days after the same cybercriminals managed to steal details of millions of Tango users, another mobile messaging app.

Viber’s support website at http://support.viber.com/ currently looks like this:

Defaced Viber webpage

Clearly it can no longer be considered under the control of Viber itself.

Part of the message on the defaced website reads:

Hacked by Syrian Electronic Army

Dear All Viber Users,

The Israeli-based "Viber" is spying and tracking you

We weren't able to hack all Viber systems, but most of it is designed for spying and tracking

Screenshot of a hacked system:

Embedded within the defaced webpage is a link to a screencapture of what appears to be an internal database by Viber employees showing users’ phone numbers, device UDID, country, IP address, operating system and version, first registration to Viber, and what version of Viber they are using.

Viber database

I’ve blurred out the information in the above screenshot, but the hackers made no such attempts to protect users’ privacy.

In the example posted by the Syrian Electronic Army, the phone numbers all have the internationally dialling code of 963 – the code for Syria.

In addition, at the bottom of the defaced webpage, the hackers published the names, phone numbers and email addresses of Viber administrators.

This is obviously highly damaging to Viber.

My guess is that the Syrian Electronic Army was able to trick a member of Viber’s staff into handing over their username and password (possibly via a phishing attack), and the hackers were then able to use this information to crowbar their way into Viber’s internal systems, with damaging results.

The Syrian Electronic Army is very happy to put the boot in it seems, tweeting out:

SEA tweet

Warning: If you have "Viber" app installed we advise you to delete it

Earlier this year, Viber announced that it had over 200 million mobile users.

There is currently no mention of the security issue on Viber’s Twitter or main website.

Update:
A Viber spokesperson got in touch with me, and gave me the following statement:

"Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber's databases were not "hacked". Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future."

In addition, I was told that the UDID displayed on the screenshot is not the device UDID, but instead an internal Viber ID number.

Viber is understandably trying to calm users about the security breach. But the fact remains, that the Syrian Electronic Army succeeded in getting unauthorised access to data held in Viber’s support systems, and were able to access (at least some) users’ phone numbers and users’ IP addresses.

Tags: , , , , , , , ,

, , , , , , , ,

15 Responses

  1. Jeremy July 23, 2013 at 5:45 pm #

    The hacked page is still up. I'm happy they are not collecting messages at least if they hacked everything. Still surprised Syria has a decent hacking team considering they are in a civil war.

  2. Nick Braak July 23, 2013 at 6:15 pm #

    I agree that based on their past achievements phishing is the most likely attack vector.

    Why break locks and make a mess when you can open the door with a key. (Old Syrian proverb) :-)

  3. Jamie Edwards July 23, 2013 at 7:15 pm #

    Hi Graham,

    Jamie here from Kayako (Viber's helpdesk vendor). We're working closely with Viber to figure out what has happened. At this time it looks as though this attack, with respect to our platform in general, was isolated. Obviously, we're combing through things.

    • Graham Cluley
      Graham Cluley July 23, 2013 at 7:19 pm #

      Thanks for the update Jamie.

      I remember when ZenDesk suffered at the hands of hackers back in February, big customers of theirs like Tumblr, Pinterest and Twitter were impacted.

      So, do you believe that the Syrian Electronic Army may have targeted Kayako as a way of getting at Viber? If so, were any of your other customer sites affected?

      Do you recognise the screenshot of the Viber database? My guess is that that is something that is likely to be internal to Viber itself, right?

      • Jamie Edwards July 23, 2013 at 7:48 pm #

        Hi Graham,

        I do not recognise the screenshot posted.

        There is nothing in our audit so far to suggest that any other Kayako customers have been affected or targeted (and this is the main reason I am here commenting, in case other customers are concerned).

        I won't speculate until we have complete clarity, though. I am sure Viber will provide details in due course and where appropriate, so will we.

  4. Malachi July 24, 2013 at 1:52 am #

    What a garbage piece of alarmist reporting!

    I would greatly like to know how a "Verteran" in the software industry could look at this news feed, and not see that this is some of the most basic data a company would need to both market their product, and support their users.

    Not to mention support options like push messages to an application that is not wholy interegrated by the OEM.

    Yes the company had a portion of the system hacked; That's Bad! I fully admit.

    Your alarmist one side non technical write up is utter trash and a total disappointment from a veteran reporter and coder.

    • Graham Cluley
      Graham Cluley July 24, 2013 at 1:58 am #

      Que? What have I said that's alarmist?

      I told you what happened. I've shown you the screenshots. I've told you what the SEA said (it was them who made the Israeli is spying on you accusation).

      Yes, I would expect Viber to have access to a fair amount of data through its backend systens. But I would also darn well hope that they had it properly secured.

      Seems to me that there may be two separate stages to this hack. The very visible hack of Viber's support systems run by Kayako, and the (perhaps more concerning) breach of their internal administration systems. That doesn't look good for the company, wouldn't you say?

      • Malachi July 24, 2013 at 2:45 am #

        I fully agree that the company "should" have the system fully secure. However history has proven; If we can make it, they can break it.

        it was furthermore not disclosed or proven that the company's internal most private systems where breached, only that a support database was breached.

        The screen shot posted shows noes sage details, call logs, message copies, or recordings, your article furthers the notion that Viber is SPYING on there customers.

        Nothing from the original article corobrates the headline, and find your lack of objectivity, well objectionable.

  5. aiman July 24, 2013 at 2:04 am #

    no doubt Al-Assad's hackers consider this a great victory not only because it's -like tango- a VOIP app which is used by many activists (sometimes even freedom-fighters)…… but because it's also founded by an Israeli which really helps in their propaganda ….. I'm pretty sure that the ones who did this aren't Syrian probably Russians or Iranians since both have personnel in Syria to help in various aspect.
    however i do believe that the ultimate goal for this group is no doubt Skype …… it's THE most used app by activists and the mere existence of this app on your mobile phone or PC in Syria might lead to detention and sometimes torturing to death

  6. Motti Shneor July 24, 2013 at 7:35 am #

    As an israeli developer of Audio/Video conferencing tools, and a friend of several Viber workers, I feel a little embarrassed about such hacking and exposure of client data.

    However, please remember that the pieces of software that were hacked and were NOT viber code — almost certainly Microsoft code. IT tools, Web servers etc.

    My personal belief is that the world of IT is so over-complicated and so bloated, just to feed those hoards of IT personnel, that there MUST always exist a hole somewhere.

    What I don't like about this report is that IT TAKES NO SIDE. Was it a more physical terrorist attack the adjective used for the "organization would not be "notorious".

    Generally speaking, wherever there is something to take — someone will attempt to take it. Same on the internet. An important part of fighting against crime is to denigrate it.

    Where are you Mr. Graham Cluley? Are you on the side of attackers, or the victims? You too use technology that is prone to such attacks. Would you want your own personal information to be used maliciously?

    Of course Viber, Apple, Microsoft and all other software providers must work harder to make their systems more secure. But the real effective way against such crimes is to educate children against it, in much the same way you teach them not to throw stones at the neighbor's windows.

  7. Viber July 24, 2013 at 12:42 pm #

    Hi,
    I'm an official representative from Viber.

    As explained in the article, no sensitive user data was exposed and that Viber's databases were not "hacked". Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

    We are reviewing all of our policies to make sure that no such incident is repeated in the future.

    If you have any more questions/doubts, please feel free to let us know 

    Thanks,
    The Viber Team.

  8. Omar August 20, 2013 at 3:51 pm #

    Hi,
    Since the Wikileaks revealed lots of reality. So this would also be a plus point for them that Viber is also spying on users.

  9. Omar August 20, 2013 at 3:59 pm #

    Hi Viber Team,
    Since the Wikileaks and their friends revealed lots of reality. So this would also be a plus point for them that Viber is also spying on users. Do not give us the explanation that you're not spying on users. I will definitely going to delete Viber app and I'll use another VoIP app.

  10. ED November 25, 2013 at 1:34 pm #

    I use viber app on my iphone. I found out last August that many personal information, sent/received files and communication I had over viber were somehow copied and downloaded by a third party (hackers). An email was sent to me with as excel file that included chat history included specific times and contacts phone numbers. Personal pictures files sent over viber were also sent in a separate email. I have tried to contact viber through their support email but unfortunately no reply. What happened is still bugging me and I require an explanation on how did this happen. I am willing to share more details to help unrevealing how did this happen and the people behind it.

  11. ian November 30, 2013 at 2:06 am #

    Would like to see a follow-up to all of this….
    there's no real info on the net stating that viber has
    been strengthened against attacks, or if it's still at
    risk. until then, I have uninstalled it, and not recommending it.
    Anyone have more current info on this – Mr. Cluely?

Leave a Reply

XSLT by CarLake