this may be the paper "Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones" [0]
[0] https://www.cis.uab.edu/saxena/docs/ss-ccs14.pdf On Sat, Apr 23, 2016 at 6:10 AM, Ben Laurie <[email protected]> wrote: > On 20 April 2016 at 17:54, Michael Farb <[email protected]> wrote: > > Does anyone know about the end to end messaging protocol used by Viber in > > the release they announced yesterday? I believe it’s closed source, but > I’d > > be curious to know if they have posted the general protocol anywhere. > I’ve > > not found anything yet. I’m curious to know if it’s based on the ratchet > > used for Signal or not. > > > > > https://support.viber.com/customer/portal/articles/2017401-viber-security-faq > > > > What I really like is the improved UX for authentication I’ve not seen > yet. > > They use their own real-time channel (voice) to guide the user through > the > > fingerprint readout. Now, real-time channels are available through many > > tools, but I think this is the first time I’ve seen a text messaging > service > > do this (ZRTP in video calls and voice calls notwithstanding). > > I can't find it right now, but there was a paper in the last year or > so about attacking voice channels for fingerprinting by using a mitm > with voice synthesis. Apparently it works pretty well. > > > > > What I’d like to see next: A way to prevent accepting the fingerprint > > without reading it similar to SafeSlinger, with perhaps a shorter hash to > > confirm. > > > > Cheers, > > Mike > > > > Michael W. Farb > > Research Programmer, Carnegie Mellon University CyLab > > www.cylab.cmu.edu/safeslinger > > > > _______________________________________________ > > Messaging mailing list > > [email protected] > > https://moderncrypto.org/mailman/listinfo/messaging > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
