Rakuten Viber TLS Handshake Vulnerability in Cloak Mode Proxy

A vulnerability exists in the Rakuten Viber messaging application for Android version 25.7.2.0g and Windows versions 25.6.0.0 through 25.8.1.0. When Cloak mode is enabled, the application uses a static and easily recognizable TLS ClientHello fingerprint that lacks diversity in extensions. This flaw allows Deep Packet Inspection (DPI) systems to easily detect and block proxy traffic, thereby undermining efforts to bypass censorship. As a result, users may experience disruptions in service.

Impact

The vulnerability in Cloak mode fails to conceal proxy usage, with outgoing data becoming easily recognizable due to the inflexible fingerprint, deviating from typical browser TLS behavior. Users remain unaware that their proxy is not safeguarding their data.

Remediation

Users on Windows should upgrade to version 27.3.0.0 or later, while Android users should upgrade to version 27.2.0.0g or later. Windows users can enable automatic updates for Viber to ensure they receive the latest version.