Friday, November 15, 2024
Advertisement
  1. You Are At:
  2. News
  3. Technology
  4. TikTok flaw allowed hackers to post fake Coronavirus videos: Know how

TikTok flaw allowed hackers to post fake Coronavirus videos: Know how

TikTok is prone to a security vulnerability that can let hackers post fake videos. Read on to know more

Written by: India TV Tech Desk New Delhi Published on: April 16, 2020 19:12 IST
tiktok, tiktok app, tiktok security flaw, tiktok security gltich, tiktok vulnerability, tiktok flaw
Image Source : PIXABAY

TikTok security issue

Popular video-sharing platform TikTok is prone to a security flaw that can allow cybercriminals to post fake videos related to Coronavirus, thus, spreading misinformation about the ongoing COVID-19 crisis. The security glitch was discovered by App developers Tommy Mysk and Talal Haj Bakry, who posted about it on a blog post. Read on to know more about it.

TikTok security flaw

It is suggested that both the app developers could easily post fake Coronavirus-related videos from others' TikTok accounts. This was possible as the TikTok uses HTTP protocol for Content Delivery Networks (CDN) to transfer data instead of HTTPS. Since HTTP can be easily tracked and isn't as secure as HTTPS, it can be exploited by hackers. For those who don't know, a content delivery network or a content distribution network is a network based on geography with proxy servers and data centres.

The app developers were able to replace the actual videos posted by users on TikTok by videos spreading Coronavirus fake news. TikTok for iOS and Android use HTTP to transfer videos, profile photos, and video still images in an unencrypted way to the TikTok CDN. This flaw can also allow people to know what videos a user watched or downloaded.

To replace the real videos by the fake videos, Mysk and Bakry created a fake TikTok CDN and directed the data to the fake server. This way, they were able to swap the videos but kept the profile pictures the same. However, images can also be changed. Additionally, a man-in-the-middle attack can also manipulate the downloaded data.

Tim Erlin, vice president of product management at Tripwire (Cybersecurity firm) told The Independent, “This type of attack represents a different kind of privilege escalation. Masquerading as an authoritative identity in order to feed false information into someone’s feed could be used for all kinds of malicious intents.” 

The fake videos included misinformation such as 'smoking and vaping kill the Coronavirus', 'Washing hands too often causes skin cancer', 'Staying home is the main cause of Claustrophobia' and many more. This way, hackers can easily misuse the popular social media platform for sending out fake news in the time when misinformation has become our enemy.

TikTok has suggested that the it will soon opt for HTTPS to avoid any security issues.

Latest technology reviews, news and more

Advertisement

Read all the Breaking News Live on indiatvnews.com and Get Latest English News & Updates from Technology

Advertisement
Advertisement
Advertisement
Advertisement