Over a year and a half ago TikTok has become another popular application around the world, especially among young people. Split just now has increased the app's popularity. Despite its popularity, skepticism about security and privacy has not disappeared. Now a security error has been detected.
This security installation found in the app allows attackers inject any video, such as fake videos, into a user's feed. It's a worrying security feature, especially considering that TikTok has about 1 billion users worldwide.
Totally Tok Tok: all the tricks and tips to improve your videos
Tik Tok was complaining about updating us. And after an in-depth study, we bring you its essential tricks, secrets and advice.
TikTok is security error
A report in which the security breach of the application has been reported, informs you TikTok does not work with code. This assumes that the HTTP protocol, which is not as secure as HTTPS, is used to download multimedia content. Although this protocol facilitates the transfer of content, it risks your privacy, as it allows photos and videos for users to upload to be easily interrupted.
TikTok uses a CDN (Content Distribution Network or Content Distribution Network) to distribute your large data geographically. Although this is possible, the HTTP protocol is used, which they use to connect to a specified CDN. Just look at the app traffic to see large volumes are transmitted over HTTP. Additionally, you can see photos and videos being transferred without encryption.
When an attacker enters this process, they will know all the videos that the user has downloaded or downloaded, called the playback history. In addition, it will know that download said video and changed it, to be able to download it back to the app. This can allow you to enter spam messages or spread fake news of an application in a simple way. Since the video would also be uploaded to the user's feed, just like a normal video.
Problem still unresolved
A team of investigators decided to perform various tests to see how this can happen. They have launched a series of secret services and downloaded videos to TikTok, which they later converted. Once changed, they were reloaded to the app and displayed again on the victim's profile.
For these types of attacks to occur, attackers should have access to the router, which will allow them to access the app and thereby convert or use user-specified videos. The fact that you have to log in to a user router is something that is somehow likely to suffer this kind of problem, but that makes it clear that app security is in trouble. In addition there is a fear that malicious hoaxes, false stories or controversies will be distributed in the app due to these failures.
As researchers have pointed out, TikTok's latest versions of Android and iOS videos and photos remain unencryptedSo it's still a real risk, which can affect users in the app. It is expected that the company behind the app will take action soon and improve security on the app, either with a review, or has not yet made any statements about it.
