
PSA: TikTok videos at risk when app is used on smartphones

By Ken Wong - on 14 Apr 2020, 5:51pm


Researchers have found a vulnerability in the popular app TikTok that can list all the videos that a user has downloaded and watched, thus exposing their viewing history to public Wi-Fi operators, internet service providers, and intelligence agencies, who can collect this data without much effort.

Online reports say the flaw was found when two iOS developers used a simple hack to trick the app into connecting to their fake server.

In a blog post detailing their findings, Tommy Mysk and Talal Haj Bakry explained that the flaw happens because TikTok uses unencrypted HTTP to pull media content from TikTok's Content Delivery Networks (CDNs). While this improves performance, it isn’t as secure as using HTTPS.

The duo demonstrated how this hack would work by substituting official World Health Organization clips with fake news on the coronavirus. A video on their blog shows the process.

They said in their post:

As demonstrated, HTTP opens the door for server impersonation and data manipulation. This makes a perfect tool for those who relentlessly try to pollute the internet with misleading facts.

Mysk ended the post with a call for TikTok to adhere to industry standards in terms of data privacy and protection.
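To make the cleartext-HTTP exposure described above concrete, here is an added example (not code from the researchers or from TikTok) that audits a list of URLs an app requested during a test session and separates what an on-path observer can read in full from what is protected by TLS. The hostnames, paths and the list of media suffixes are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: URLs an app requested during a test session, as
# exported from an intercepting proxy. Hostnames are placeholders.
CAPTURED_URLS = [
    "http://cdn-video.example.net/video/6812345/clip.mp4?quality=720",
    "http://cdn-img.example.net/avatar/u1001.jpeg",
    "https://api.example.net/v1/feed?count=30",
    "http://cdn-video.example.net/video/6899999/clip.mp4",
    "HTTPS://cdn-video.example.net/video/6800001/clip.mp4",
]

# Assumed set of extensions treated as media for this audit.
MEDIA_SUFFIXES = (".mp4", ".m3u8", ".jpeg", ".jpg", ".png", ".webp")


def audit(urls):
    """Split requests into what an on-path observer can read in full
    (cleartext HTTP) and what shows only the hostname (HTTPS)."""
    report = {"cleartext": defaultdict(list), "encrypted_hosts": set(), "skipped": []}
    for raw in urls:
        parts = urlsplit(raw.strip())
        scheme, host = parts.scheme.lower(), (parts.hostname or "")
        if scheme == "https" and host:
            # TLS hides path and body; the hostname can still leak via SNI/DNS.
            report["encrypted_hosts"].add(host)
        elif scheme == "http" and host:
            # Path and query travel unencrypted and unauthenticated, so they
            # can be logged, or the response replaced, by anyone on the path.
            is_media = parts.path.lower().endswith(MEDIA_SUFFIXES)
            report["cleartext"][host].append((parts.path, is_media))
        else:
            report["skipped"].append(raw)
    return report


def cleartext_media(report):
    """Return sorted (host, path) pairs for media fetched over plain HTTP."""
    return sorted((h, p) for h, items in report["cleartext"].items()
                  for p, media in items if media)


if __name__ == "__main__":
    for host, path in cleartext_media(audit(CAPTURED_URLS)):
        print(f"cleartext media: http://{host}{path}")
```

Any entry this reports is a fetch whose URL is visible to the network and whose response is not authenticated, which is the condition the researchers relied on.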

Sources: Android Authority, AppleInsider
