Skip to main content

Critical TikTok Flaw — Let Hackers Swap Your Videos

Critical TikTok Flaw — Let Hackers Swap Your Videos

Tommy Mysk and Haj Bakry who are software developers found a critical flaw in the popular video-sharing TikTok app that allows hackers to modify and swap videos on any TikTok account.

According to the analysis done by software developers, the TikTok app uses insecure HTTP to transfer its data. Because of this, the TikTok app's images and video transfer are unencrypted (in plain text).

TikTok uses CDNs to transfer its data over HTTP. So, if a hacker act as Man-in-the-Middle between the TikTok app and TikTok's CDNs then a hacker can fetch the details of all the videos that a user has watched and downloaded in plain text.

Critical TikTok Flaw — Let Hackers Swap Your Videos

By the Man-in-the-Middle attack, it is possible for an attacker to modify the data in transmission and swap out an original video with a fake one. It is also possible that an attacker can spread spam, fake and misleading information in this way.

The Developers also demonstrated this flaw by setting up a fake CDN server and their TikTok app directed to that fake CDN server. After that, they act as Man-in-the-Middle and upload a coronavirus misinformation video and inject it into WHO's TikTok account and it looks like their own video.

They also verified by doing the same to other TikTok verified accounts like Red Cross and Tiktok's own official account. So, this way attackers can modify and swap videos on any Tiktok account.

If the Tiktok app were using HTTPS then this type of hack would be more difficult to do because of encryption. So, This type of popular app must use HTTPS for everything because of privacy and security.

TikTok's website is using HTTPS for serving up videos but the TikTok app does not. So, it shows that TikTok's CDNs are already well-equipped to handle HTTPS request so the company has to just update its app to bring it into it as well.

Be aware that Android version 15.7.4 of the TikTok app and the iOS version 15.5.6 of the TikTok app have this vulnerability. So, it is advised that stop using the TikTok app until this issue is fixed.

If you have any questions related to TikTok flaw then please mention into the comments box and I will get back to you and stay tuned with my blog.

Comments

Post a Comment

Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool

How To Enable WhatsApp Fingerprint Lock Feature on Android

WhatsApp has officially rolled out the fingerprint lock feature for all the Android users. Most of you may already have been doing it for the last few years with the help of third-party app lockers for adding more security. Keeping that in mind and to make the process quicker and safer at the same time, WhatsApp has now launched this new fingerprint lock feature so that you can open the app by your fingerprint. It means that regardless of whether the phone is opened, others won't have the option to gain access to the messages without your fingerprint. So, you can now secure your WhatsApp conversations with an extra layer of biometric security . With this step, WhatsApp is finally offering biometric authentication to the Android app, while iPhone users enjoying both the Touch ID that is the fingerprint recognition and Face ID that is the facial recognition since the month of February 2019. WhatsApp is also giving more options with the new fingerprint lock featur

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik