Cyber security news for all

More

    The popular video sharing app TikTok has a security issue

    Large parts of the data traffic between TikTok developers and the servers of the app are not encrypted. This could allow an attacker to exchange the videos that are displayed to the user if the attacker manages to connect to the network traffic from the cell phone to the TikTok server.

    The TikTok developers reasonably encrypted the transfer of all personal data through the app. Only images and videos that are loaded from the content delivery network used by the app are unencrypted. It looks as if the TikTok creators of the developer company ByteDance tried to save time and computing power when transmitting the payload. Or one deliberately wanted to leave an option open to make this data manipulable for the attacks.

    The unsuspecting victim gets videos that look as if they come from a trustworthy channel but were actually exchanged by the attacker. The security researchers who discovered the vulnerability demonstrate this by displaying videos with fake information in the feed of the World Health Organization. They succeed by intercepting and manipulating the apps requests. They then use DNS to redirect these requests to their own server.

    In such a case, one would normally expect harmless spams, but in times when we all expect targeted manipulation of social networks like TikTok, such a gap must be taken a little more seriously. Not to mention that there are far too many fake videos on TikTok that aim to spread panic.

    An Attack Seems To Be Feasible

    So far, the TikTok developers have not done anything about the vulnerability. TikTok users should therefore be aware that fake videos can currently be pushed into them in otherwise trustworthy feeds.

    TikTok is the only major app to use unsecured communication to deliver its content. Other social media apps such as Facebook, Instagram, and Twitter strictly use secured HTTPS to communicate between the apps and their CDNs.

    Recent Articles

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    The slamming of undeletable Adware on Android users

    Researchers have discovered that about 14.8% of users of android phones that were targeted with mobile adware or malware the previous year have undeletable...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox