Cyber security news for all

More

    The popular video sharing app TikTok has a security issue

    Large parts of the data traffic between TikTok developers and the servers of the app are not encrypted. This could allow an attacker to exchange the videos that are displayed to the user if the attacker manages to connect to the network traffic from the cell phone to the TikTok server.

    The TikTok developers reasonably encrypted the transfer of all personal data through the app. Only images and videos that are loaded from the content delivery network used by the app are unencrypted. It looks as if the TikTok creators of the developer company ByteDance tried to save time and computing power when transmitting the payload. Or one deliberately wanted to leave an option open to make this data manipulable for the attacks.

    The unsuspecting victim gets videos that look as if they come from a trustworthy channel but were actually exchanged by the attacker. The security researchers who discovered the vulnerability demonstrate this by displaying videos with fake information in the feed of the World Health Organization. They succeed by intercepting and manipulating the apps requests. They then use DNS to redirect these requests to their own server.

    In such a case, one would normally expect harmless spams, but in times when we all expect targeted manipulation of social networks like TikTok, such a gap must be taken a little more seriously. Not to mention that there are far too many fake videos on TikTok that aim to spread panic.

    An Attack Seems To Be Feasible

    So far, the TikTok developers have not done anything about the vulnerability. TikTok users should therefore be aware that fake videos can currently be pushed into them in otherwise trustworthy feeds.

    TikTok is the only major app to use unsecured communication to deliver its content. Other social media apps such as Facebook, Instagram, and Twitter strictly use secured HTTPS to communicate between the apps and their CDNs.

    Recent Articles

    Amazon accounts are the new target of cyber criminals

    Amazon is a popular target for cyber criminals who want to exploit the trust and image of the company among its customers with emails....

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Unknown attackers had access to personal data of Warner Music

    Warner Music Group has admitted a security incident in which customers card details were stolen in some of the company's online stores. Warner Music...

    Donald Trump wants to force a sale of TikTok to Microsoft

    It was recently announced that President Donald Trump plans to prohibit business with the owners of TikTok by decree. The American head of state...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox