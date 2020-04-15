Technology News
TikTok Flaw Allows Hackers to Put Fake Videos on Your Account: Report

Two developers showcased the problem by replacing WHO's TikTok video with a fake video.

By Abhik Sengupta | Updated: 15 April 2020 17:13 IST

TikTok recently surpassed one billion installs on the Google Play Store

Highlights
  • TikTok flaw was exposed by two iOS developers in a blog post
  • Developers said TikTok's CDN delivers files via unencrypted HTTP
  • This can expose TikTok users' watch history and more

Popular short video sharing platform TikTok has been called out by two developers who claim that the company uses an insecure network to deliver the bulk of its data, thereby risking the privacy of the users on its platform. According to the two iOS developers, TikTok allegedly uses "insecure HTTP to download media content," which "puts user privacy at risk" since unencrypted HTTP traffic can be easily tracked and even altered by malicious actors. This means users' data, including their watch history, can be accessed by hackers. Meanwhile, TikTok is yet to respond to the 'security threat' exposed by the developers. The company's app recently surpassed one billion installs on the Google Play Store.

The developers, Talal Haj Bakry and Tommy Mysk, highlighted in a blog post that, because of the use of insecure HTTP, hackers can also "switch videos published by TikTok users with different ones, including those from verified accounts." The duo further claimed this vulnerability can also expose users' watch history.

Explaining why the security threat exists, the developers stated in the blog post that TikTok, like other social media outlets, relies on external servers or Content Delivery Networks (CDNs) to deliver the bulk of its data. The post added that TikTok's CDN chooses to transfer videos and other media data over unencrypted HTTP.

"While this [HTTP] improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked, and even altered by malicious actors," the developers wrote.

This essentially means that anyone who can see the network traffic passing through a Wi-Fi router could read information coming from TikTok's servers and modify it, even planting a fake video in an account without the user's knowledge.

According to the blog post, files such as "videos, profile photos, and video still images" are transferred via HTTP, indicating they are at risk of being accessed by hackers. To further showcase the vulnerability of the TikTok app, Bakry and Mysk posted videos on their blog where they intercepted the data from CDN servers and replaced it with "malicious content". The video, therefore, showed fake COVID-19 related content on WHO's TikTok account, which was planted by them.
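An added example, not from the developers' blog post or from TikTok: a Python check a tester could run over a log of an app's requests to list the media (videos, profile photos, still images) that were fetched over plain HTTP and are therefore readable and alterable on the network path. The request log, hosts and paths are constructed placeholders.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample of requests an app made, as (URL, Content-Type) pairs.
# Hosts and paths are placeholders, not real CDN endpoints.
SAMPLE_REQUESTS = [
    ("https://api.example.com/feed?count=6", "application/json"),
    ("http://cdn-a.example.net/video/v1001.mp4", "video/mp4"),
    ("http://cdn-a.example.net/avatar/u42.jpeg", "image/jpeg"),
    ("http://cdn-b.example.net/cover/v1001.webp", "image/webp"),
    ("https://cdn-c.example.net/video/v1002.mp4", "video/mp4"),
    ("HTTP://cdn-a.example.net/video/v1003.mp4?x=1", "Video/MP4; codecs=avc1"),
]

MEDIA_PREFIXES = ("video/", "image/", "audio/")


def audit_cleartext_media(requests):
    """Return one finding per media object that was fetched over plain HTTP."""
    findings = []
    for url, content_type in requests:
        parts = urlsplit(url)
        # urlsplit lower-cases the scheme, so "HTTP://" is caught as well.
        if parts.scheme != "http":
            continue
        # Drop parameters such as "; codecs=..." and normalise case.
        mime = content_type.split(";", 1)[0].strip().lower()
        if not mime.startswith(MEDIA_PREFIXES):
            continue
        findings.append({
            "host": parts.hostname,        # where the cleartext fetch went
            "path": parts.path,            # visible to anyone on the path
            "kind": mime.split("/")[0],    # video / image / audio
        })
    return findings


def summarize(findings):
    """Count cleartext media fetches per (host, kind) for a short report."""
    return Counter((f["host"], f["kind"]) for f in findings)


if __name__ == "__main__":
    for (host, kind), n in sorted(summarize(audit_cleartext_media(SAMPLE_REQUESTS)).items()):
        print(f"{host}: {n} {kind} object(s) over cleartext HTTP")
```

The paths in the findings are what a passive observer on the same network would see, which is how cleartext media delivery exposes watch history.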

"We successfully intercepted TikTok traffic and fooled the app to show our own videos as if they were published by popular and verified accounts. This makes a perfect tool for those who relentlessly try to pollute the Internet with misleading facts," the developers said.

However, the duo cautioned that this "malicious content" was only seen by those who were connected to their servers. The developers indicated that the exposed threat, when replicated on a large-scale server, can pose greater privacy or fake-news related risks. They further added that the vulnerability is present on TikTok's iOS version 15.5.6 and Android version 15.7.4.

Meanwhile, TikTok is yet to address the concerns raised by the two developers. TikTok recently surpassed a billion downloads on Google Play. This was amid lockdowns in several countries to curb the spread of the novel coronavirus.
