A team named Mysk managed to replace videos shared by popular accounts verified on TikTok with fake videos. The team, which has managed to influence the sharing of accounts like the World Health Organization, says they want to draw attention to TikTok's vulnerability.
People share their own videos TikTokWhen it comes to security, many people leave a question mark in their minds. Finally, as we've seen with Zoom, no matter how big or popular a platform is security problems it can always appear. This is also the case for TikTok, and there are multiple scandals, the name of which has been confused so far.
The last vulnerability detected on TikTok is that hackers can connect to fake servers and playing on videos he lets him do it. What causes this problem is to get media content from TikTok's company's Content Distribution Networks (CDN) HTTP instead of HTTPS is due to the use.
Security researchers managed to access many verified accounts:
(Embed) https://www.youtube.com/watch?v=votnypfkqly (/ embed)
To better explain the issue Using HTTPprovides a noticeable increase in data transfer performance but brings with it many vulnerabilities. Large platforms and browsers In transition to HTTPS this is the main reason. At this point, the team named Mysk uses videos published by users on TikTok, which uses HTTP instead of more secure HTTPS, on a local network. DNS attack and managed to replace it with fake videos.
As seen in the video above, Mysk World Health Organization in many popular and verified accounts false and false created videos with information. Since this action was taken to draw attention to TikTok's vulnerability, only users directly connected to the developers' server could see these videos.
"Smoking and electronic cigarettes kill the coronavirus."
Software developers who say they have no malicious intent that the attack is possible He underlined that they did such an action to emphasize. At this point, the main thing to be emphasized is malicious The extent to which a person can harm users and share misleading.
According to security researchers, if TikTok does not change its encryption, this will not be the only problem it will face. In other words, if the company does not switch to HTTPS, many more HTTP sourced will be attacked.