Ago something more than a year and a half TikTok has become one of the most popular applications at the global level, particularly among the young. The current quarantine has increased even more the popularity of the application. Despite its popularity, the questions about security and privacy have not ceased. It has now been discovered a security flaw in the same.
This security flaw has been discovered in the application allows attackers to inject any video, such as videos, fake, in the feed of the user. A failure of security concern, especially if we consider that TikTok has around 1,000 million users around the world.
Tik Tok background: all of the tricks and tips to improve your videosTik Tok asked us to scream that the analizaramos. And after testing it in depth, we bring you their tricks, secrets and essential tips.
Security flaw in TikTok
The report where it has been reported this security bug on the application, it reports that TikTok does not work in an encrypted manner. This assumes that you are using the HTTP protocol, which is not secure as HTTPS, to download the multimedia content. While this protocol facilitates the transmission of content, it puts your privacy at risk, as it allows the photos and videos that users upload to be intercepted with ease.
TikTok makes use of the so-called CDN (Content Delivery Networks or content distribution Network) to distribute its massive data so geographical. Although for this to be possible using the HTTP protocol, which is used to connect to the CDN. Just look at the traffic of the application to view the large amounts of data that are transferred using HTTP. In addition, you can view pictures and videos being transferred in the clear.
If an attacker sneaks into this process, you will be able to find all of the videos that a user has viewed or downloaded, the so-called history of reproduction. In addition, it would also have the possibility of download this video and even modify itto be able to upload it again to the application. This would include spam messages or distribute false information in the application in a relatively straightforward manner. Since the video is then injected back into the feed of the user, such as a normal video.
A problem not yet solved
The group of researchers decided to perform several tests to see the way in which this was possible. Set up a series of rogue servers and downloaded videos TikTok, who subsequently modified. Once modified, the went up again in the app and it showed again in the profile of the victim.
For this type of attacks are possible, the attackers must have access to the routerthat is what will allow you to access the application and modify or manipulate such user’s videos. The need to access the router of the user is something that somehow limits the possibilities of suffering from this type of problems, but which makes it clear that application security is in question. In addition, there is the fear that they are going to distribute hoaxes, false news or controversial maliciously in the application due to this bug.
According to have shown to the researchers, the current versions TikTok for Android and iOS continue without encrypting the videos and photosso that remains a vulnerability is real, that can affect the users in the application. It is expected that the company behind the app to take action soon and improve the security in the app, you can that through an update, but so far have not made any statement about it.
The entry So you can hackearte TikTok and send you videos fake appears first in Android Free.