Skip to main content

Critical TikTok Flaw — Let Hackers Swap Your Videos

Critical TikTok Flaw — Let Hackers Swap Your Videos

Tommy Mysk and Haj Bakry who are software developers found a critical flaw in the popular video-sharing TikTok app that allows hackers to modify and swap videos on any TikTok account.

According to the analysis done by software developers, the TikTok app uses insecure HTTP to transfer its data. Because of this, the TikTok app's images and video transfer are unencrypted (in plain text).

TikTok uses CDNs to transfer its data over HTTP. So, if a hacker act as Man-in-the-Middle between the TikTok app and TikTok's CDNs then a hacker can fetch the details of all the videos that a user has watched and downloaded in plain text.

Critical TikTok Flaw — Let Hackers Swap Your Videos

By the Man-in-the-Middle attack, it is possible for an attacker to modify the data in transmission and swap out an original video with a fake one. It is also possible that an attacker can spread spam, fake and misleading information in this way.

The Developers also demonstrated this flaw by setting up a fake CDN server and their TikTok app directed to that fake CDN server. After that, they act as Man-in-the-Middle and upload a coronavirus misinformation video and inject it into WHO's TikTok account and it looks like their own video.

They also verified by doing the same to other TikTok verified accounts like Red Cross and Tiktok's own official account. So, this way attackers can modify and swap videos on any Tiktok account.

If the Tiktok app were using HTTPS then this type of hack would be more difficult to do because of encryption. So, This type of popular app must use HTTPS for everything because of privacy and security.

TikTok's website is using HTTPS for serving up videos but the TikTok app does not. So, it shows that TikTok's CDNs are already well-equipped to handle HTTPS request so the company has to just update its app to bring it into it as well.

Be aware that Android version 15.7.4 of the TikTok app and the iOS version 15.5.6 of the TikTok app have this vulnerability. So, it is advised that stop using the TikTok app until this issue is fixed.

If you have any questions related to TikTok flaw then please mention into the comments box and I will get back to you and stay tuned with my blog.


Post a Comment

Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik

Facebook, Instagram and WhatsApp Down : Apps Crash For Users Worldwide Including In India

If you are facing problems with Facebook , Instagram , and WhatsApp on your device then you are not alone. Suddenly, the service of Facebook, Instagram, and WhatsApp's are facing technical problems since late evening on Wednesday. Users are facing these types of problems on Facebook :- While using Facebook, Users are facing problems in loading images, loading videos, and loading all other data across its apps while some users were unable to load photos on Facebook News Feed. On the Twitter platform, Facebook said that it is aware of the issue. Users are facing these types of problems on Instagram :- On Instagram (just like Facebook apps), the issues appear to be limited only to a certain part of the site. Many users report an issue to Instagram that their feed might not load, also it is not possible to post anything new (images, videos, stories) into it. If a user tries to post anything new (images, videos, stories) brings up an error indicat