New TikTok Security Flaw Is A Real Threat To Users: Beware!

TikTok, the second most popular free Android app in 2019 and an emerging social media platform that has lately been giving fierce competition to the legacy social media giants, has come under fire because of a serious security flaw that has been discovered.

Two developers, Tommy Mysk and Talal Haj Bakry, have recently revealed a vulnerability in TikTok which enables hackers to replace a user’s videos with fake ones.

The developer duo published their findings in a blog post, in which they explained that the loophole is the result of TikTok’s insecure content delivery practices.

TikTok, much like all other social media platforms, relies on a Content Delivery Network (CDN) to quickly transfer gigantic volumes of data such as videos and images over the internet.

However, in the case of TikTok, the CDN they rely on transfers this content over plain HTTP rather than a secure HTTPS connection because it improves their performance. Because that traffic is unencrypted, an attacker positioned on the network can read it and replace the videos of any chosen account with fake ones.

Mysk and Bakry also created a proof-of-concept (POC) video to support their claims by inserting a COVID-19 misinformation video into the official TikTok account of the World Health Organization (WHO).

What the developers demonstrated in the video is how they were able to trick the TikTok app (installed on a device connected to their home WiFi network) into sending requests to their own custom server, which was designed to mimic the CDNs that TikTok relies on.

This shows that anyone who controls the router sitting between the TikTok app and the CDNs TikTok relies on can view and insert any video or image they want.

All that is needed is to change the DNS record information on the router, which makes the TikTok app connect to the fake server every single time.

“If a popular DNS server was hacked to include a corrupt DNS record as we showed earlier, misleading information, fake news, or abusive videos would be viewed on a large scale, and this is not completely impossible,” the developers explained in their post.

Back in 2018, Tinder made a mistake similar to the one TikTok seems to be making right now.

Social Media Platforms Rely On HTTPS

The two developers also dug into the traffic of TikTok’s competitors such as YouTube, Instagram and Facebook to look for similar vulnerabilities. They came to the conclusion that most of these other social media giants rely only on secure HTTPS connections to carry their traffic.

The use of HTTPS connections has been mandated by both Apple and Google; however, they have allowed some exceptions for compatibility reasons. It now seems that TikTok has made good use of these same exceptions.

This vulnerability could affect people on a massive scale because TikTok has already garnered around 800 million monthly users worldwide as of right now.

Many questions have already been raised about TikTok’s roots in China, and this will surely add to the pile of doubt it has been gathering lately.

Earlier this year, the app came under a lot of heat on multiple occasions. First, it was accused of suppressing videos of disabled users, and after that, a vulnerability was discovered within the TikTok app which allowed a hacker to expose private videos. Now it remains to be seen how quickly the emerging social media platform takes note of this recent security flaw and fixes it.
