New TikTok Security Flaw Is A Real Threat To Users: Beware!

TikTok, the second most popular free Android app in 2019 and an emerging social media platform that has lately been giving fierce competition to the legacy social media giants, has come under fire after the discovery of a serious security flaw.

Two developers, Tommy Mysk and Talal Haj Bakry, have recently revealed a vulnerability in TikTok which enables hackers to replace a user’s videos with fake ones.

The duo published their findings in a blog post, in which they explained that the loophole is the result of TikTok’s insecure content delivery practices.

TikTok, much like all other social media platforms, relies on a Content Delivery Network (CDN) to quickly transfer gigantic volumes of data such as videos and images over the internet.

However, in the case of TikTok, the connection to the CDN uses HTTP, a less secure alternative to HTTPS, because it improves performance. This allows an attacker to easily read the HTTP traffic and replace the videos of any chosen account with fake ones.

Mysk and Bakry also created a proof-of-concept (POC) video to support their claims by inserting a COVID-19 misinformation video into the official TikTok account of the World Health Organization (WHO).

What the developers demonstrated in their video is how they were able to trick the TikTok app (installed on a device connected to their home WiFi network) into sending requests to their own custom server, which was designed to mimic the CDNs that TikTok relies on.

This shows that anyone who assumes control over the router between the TikTok app and the CDNs TikTok relies on can view and insert any video or image they want.

All that is needed is to change the DNS record information on the router, which makes the TikTok app connect to the fake server every single time.

“If a popular DNS server was hacked to include a corrupt DNS record as we showed earlier, misleading information, fake news, or abusive videos would be viewed on a large scale, and this is not completely impossible,” the developers explained in their post.

Back in 2018, Tinder made a similar mistake which TikTok seems to be making right now.

Social Media Platforms Rely On HTTPS

The two developers also dug into the traffic of TikTok’s competitors such as YouTube, Instagram and Facebook to look for similar vulnerabilities. They came to the conclusion that most of these other social media giants rely only on secure HTTPS connections to carry their traffic.

Both Apple and Google mandate the use of HTTPS connections; however, they allow some exceptions for compatibility reasons. It now seems that it is these same exceptions that TikTok has made use of.

This vulnerability could affect people on a massive scale because TikTok has already garnered around 800 million monthly users worldwide as of right now.

Too many questions have already been raised about TikTok’s roots in China, and this will surely be another addition to the pile of doubt it has been gathering lately.

Earlier this year, the app came under a lot of heat on multiple occasions. First, they were accused of allegedly suppressing videos of disabled users and after that, a vulnerability was discovered within the TikTok app which allowed a hacker to expose private videos. Now it remains to be seen how quickly the emerging social media platform takes note of this recent security flaw and fixes it.
