Cyber security news for all

More

    The popular video sharing app TikTok has a security issue

    Large parts of the data traffic between TikTok developers and the servers of the app are not encrypted. This could allow an attacker to exchange the videos that are displayed to the user if the attacker manages to connect to the network traffic from the cell phone to the TikTok server.

    The TikTok developers reasonably encrypted the transfer of all personal data through the app. Only images and videos that are loaded from the content delivery network used by the app are unencrypted. It looks as if the TikTok creators of the developer company ByteDance tried to save time and computing power when transmitting the payload. Or one deliberately wanted to leave an option open to make this data manipulable for the attacks.

    The unsuspecting victim gets videos that look as if they come from a trustworthy channel but were actually exchanged by the attacker. The security researchers who discovered the vulnerability demonstrate this by displaying videos with fake information in the feed of the World Health Organization. They succeed by intercepting and manipulating the apps requests. They then use DNS to redirect these requests to their own server.

    In such a case, one would normally expect harmless spams, but in times when we all expect targeted manipulation of social networks like TikTok, such a gap must be taken a little more seriously. Not to mention that there are far too many fake videos on TikTok that aim to spread panic.

    An Attack Seems To Be Feasible

    So far, the TikTok developers have not done anything about the vulnerability. TikTok users should therefore be aware that fake videos can currently be pushed into them in otherwise trustworthy feeds.

    TikTok is the only major app to use unsecured communication to deliver its content. Other social media apps such as Facebook, Instagram, and Twitter strictly use secured HTTPS to communicate between the apps and their CDNs.

    Recent Articles

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox