VU#772695: A flawed TLS handsh... Note

VU#772695: A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Viber's Cloak-mode proxy, in specific Android and Windows versions, has a critical weakness. This feature, designed to conceal proxy or VPN usage, fails its primary purpose. The TLS ClientHello fingerprint used by Cloak mode is static and lacks diversity. This makes it easily detectable by Deep Packet Inspection (DPI) systems. Consequently, network-level blocking of Viber traffic becomes straightforward in restrictive environments. This flaw undermines censorship circumvention capabilities, potentially leading to denial of service. The proxy traffic is readily identifiable, not resembling normal browser TLS behavior. Users are unaware that their data's proxy protection is compromised. To mitigate this issue, users should update their Viber Windows clients to version 27.3.0.0 and Android mobile versions to 27.2.0.0g for continued support. Oleksii Gaienko, an independent security researcher, reported this vulnerability. Laurie Tyzenhaus authored this explanatory document.