Cyber Threat: TikTok Flaw Exposed by Two Developers


While the world battles the coronavirus pandemic, two software developers have called out TikTok, the popular short-video sharing app, over a security weakness that could be very dangerous for users if hackers get wind of it.

The two iOS developers claim that TikTok has been relying on unsecured network connections to carry all user data on the platform.

According to the developers, this practice is very insecure and can lead to a data breach that hackers can exploit.

It is alleged that TikTok has been using insecure HTTP to download media content, leaving user privacy exposed and at risk of being easily breached.

This is because unencrypted HTTP traffic can easily be tracked, and some hackers go as far as altering users’ data for selfish gain.

The developers, Talal Haj Bakry and Tommy Mysk, explained further that insecure HTTP can lead to a security breach: hackers can pick a video published by a user on the platform and swap it for another one without the user being aware.

Both developers also claimed that hackers can gain full access to users’ watch history, giving them a clear idea of what the user has been watching.

“While this [HTTP] improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked, and even altered, by hackers,” the duo stated.

To demonstrate that their findings are real, the duo intercepted TikTok data from CDN servers and replaced it with a video of their own.

The video they implanted displayed fake COVID-19 content on WHO’s TikTok account, just as the developers had programmed it to.

“We successfully intercepted TikTok traffic and fooled the app to show our own videos, as if they were published by popular and verified accounts.

This makes a perfect tool for those who relentlessly try to pollute the Internet with misleading facts,” the duo revealed.

For now, TikTok is yet to release an official statement on the developers’ findings; we will share it as soon as TikTok responds.

Featured Image: devex
