Apart from video teleconferencing platforms, TikTok is one of the mobile apps experiencing a surge in users because of the COVID-19 pandemic. The Chinese video sharing social networking service was riddled with security issues in the past. Interestingly, security researchers recently discovered that a flaw in the app allows attackers to replace users' videos.
Latest TikTok Investigation
A recent investigation conducted by mobile developers Tommy Mysk and Talal Haj Bakry revealed that data from TikTok could be intercepted and altered because of a vulnerability. According to these developers, apps like TikTok retain backward-compatible support for HTTP on both Android and iOS. Further, the investigation uncovered that while the majority of apps have already transitioned to HTTPS, TikTok still uses unencrypted HTTP for its media content.
As a result, TikTok is susceptible to all well-documented and known HTTP vulnerabilities. In other words, the privacy of TikTok users is at risk because malicious actors and attackers could easily intercept and alter unencrypted HTTP traffic. Users also run the risk of having their watch history and data accessed by cybercriminals.
Other Details
The Cupertino tech giant introduced App Transport Security when it launched iOS 9. With this update, Apple requires all HTTP connections to use encrypted HTTPS, reports MacRumors. Search engine giant Google has also changed the default network security settings in Android Pie, apparently to restrict all plaintext HTTP traffic.
However, HTTP vulnerabilities remain on both iOS and Android devices, since both Google and Apple still offer developers a way to opt out of HTTPS for backward compatibility. The recent investigation conducted by mobile developers Tommy Mysk and Talal Haj Bakry only proves that it is still possible to intercept TikTok traffic.
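The opt-outs described above can be audited in an app's own configuration files. The following is an added example, not code from the researchers or from TikTok: it flags the documented iOS App Transport Security and Android cleartext settings that re-enable plain HTTP. The key names come from Apple's and Android's platform documentation rather than from this article, the files are assumed to be available as plain text, and the sample inputs are constructed.

```python
import plistlib
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample files; media.example.com is a placeholder host.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>media.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"/>
</manifest>"""
SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">media.example.com</domain>
  </domain-config>
</network-security-config>"""

def ios_findings(plist_bytes):
    """Report App Transport Security exceptions that re-enable plain HTTP."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    out = []
    if ats.get("NSAllowsArbitraryLoads"):
        out.append("ios: ATS disabled for all hosts")
    for host, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads"):
            out.append(f"ios: plain HTTP allowed for {host}")
    return out

def android_findings(manifest_xml, nsc_xml):
    """Report manifest and network-security-config cleartext opt-ins."""
    out = []
    app = ET.fromstring(manifest_xml).find("application")
    if app is not None and app.get(ANDROID + "usesCleartextTraffic") == "true":
        out.append("android: usesCleartextTraffic=true in manifest")
    for cfg in ET.fromstring(nsc_xml).iter():
        if cfg.tag in ("base-config", "domain-config") and cfg.get("cleartextTrafficPermitted") == "true":
            hosts = [d.text for d in cfg.findall("domain")] or ["all hosts"]
            out.append("android: cleartext permitted for " + ", ".join(hosts))
    return out

if __name__ == "__main__":
    print("\n".join(ios_findings(SAMPLE_PLIST) + android_findings(SAMPLE_MANIFEST, SAMPLE_NSC)))
```

An empty result from both functions means the app has not opted out of the platform's HTTPS-only default in these files.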
We tricked #TikTok to connect to our fake server. We hijacked the timeline so the app shows spam videos about #COVID19 #Security #Cybersecurity #Hacking
For more on this: https://t.co/0e7RGyleIW pic.twitter.com/49BbkYbunq — Mysk (@mysk_co) April 13, 2020
It underlines the possibility that traffic on the Beijing-based video sharing social networking app could be intercepted and the app fooled into showing fake videos as if they had been uploaded by verified and popular accounts. Also, attackers could easily change the profile photo of the user. TikTok recently exceeded one billion installs on the Google Play Store.
What Should TikTok Users Do?
TikTok users should take precautions when viewing videos on the app, since they could be replaced instantly. If it's a video of a user doing dance or song covers, it does not matter much. However, if it is something related to the COVID-19 pandemic, do not rely on TikTok videos until this recently discovered issue is resolved.