Cyber security news for all

More

    The popular video sharing app TikTok has a security issue

    Large parts of the data traffic between TikTok developers and the servers of the app are not encrypted. This could allow an attacker to exchange the videos that are displayed to the user if the attacker manages to connect to the network traffic from the cell phone to the TikTok server.

    The TikTok developers reasonably encrypted the transfer of all personal data through the app. Only images and videos that are loaded from the content delivery network used by the app are unencrypted. It looks as if the TikTok creators of the developer company ByteDance tried to save time and computing power when transmitting the payload. Or one deliberately wanted to leave an option open to make this data manipulable for the attacks.

    The unsuspecting victim gets videos that look as if they come from a trustworthy channel but were actually exchanged by the attacker. The security researchers who discovered the vulnerability demonstrate this by displaying videos with fake information in the feed of the World Health Organization. They succeed by intercepting and manipulating the apps requests. They then use DNS to redirect these requests to their own server.

    In such a case, one would normally expect harmless spams, but in times when we all expect targeted manipulation of social networks like TikTok, such a gap must be taken a little more seriously. Not to mention that there are far too many fake videos on TikTok that aim to spread panic.

    An Attack Seems To Be Feasible

    So far, the TikTok developers have not done anything about the vulnerability. TikTok users should therefore be aware that fake videos can currently be pushed into them in otherwise trustworthy feeds.

    TikTok is the only major app to use unsecured communication to deliver its content. Other social media apps such as Facebook, Instagram, and Twitter strictly use secured HTTPS to communicate between the apps and their CDNs.

    Recent Articles

    Manchester United have been blackmailed by cyber attackers

    The Premier League club Manchester UnitedĀ fell victim to a cyber attack according to the Daily Mail. The cyber criminals are apparently demanding ransom in...

    TikTok has fixed a serious security gap issue

    TikTok accounts paid a researcher a reward of 4000 dollars after he reported two vulnerabilities as part of a disclosure. A combination of both...

    Passwords should be changed for Fortinet VPNs

    Administrators should change the access for Fortinet VPNs in use. Log-in information for almost 50,000 VPN networks has appeared in various cyber blogs. A security...

    Twitter confirmed to bring back account verification

    Twitter is bringing back verifications for the account verification in the beginning of 2021. Certain users will then be given a control mark again,...

    350,000 Spotify users were hacked

    At the beginning of July this year, security researchers discovered an unsecured database that contained access and other information from 350,000 Spotify users. Spotify...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox