A team named Mysk managed to replace videos shared by popular verified TikTok accounts with fake videos. The team, which was able to alter the videos shown for accounts like the World Health Organization, says it wants to draw attention to TikTok’s vulnerability.
TikTok, where people share their own videos, raises a lot of security questions for many people. After all, as we’ve seen with Zoom, security issues can always arise no matter how large or popular a platform is. This is also the case for TikTok, which has been implicated in multiple scandals so far.
The latest vulnerability detected in TikTok allows hackers to connect users to fake servers and tamper with videos. The reason for this problem is that TikTok uses HTTP instead of HTTPS to get media content from the company’s Content Distribution Networks (CDNs).
Security researchers managed to access many verified accounts:
To explain the issue in more detail: using HTTP provides a noticeable increase in data transfer performance, but it also comes with many vulnerabilities. This is the main reason why large platforms and browsers are switching to HTTPS. Because TikTok uses HTTP instead of the more secure HTTPS, the Mysk team was able to replace videos published by TikTok users with fake videos by carrying out a DNS forgery attack on a local network.
As the researchers’ video shows, Mysk made videos containing false information appear on many popular verified accounts, including the World Health Organization. Since this was done to draw attention to TikTok’s vulnerability, only users directly connected to the developers’ server could see these videos.
“Smoking and electronic cigarettes kill the coronavirus.”
The software developers say they have no malicious intent and underline that they did this only to show that the attack is possible. What it really shows is how badly a malicious person could harm users by making misleading posts.
According to security researchers, if TikTok does not change its encryption, this will not be the only problem it faces. In other words, if the company does not switch to HTTPS, it will be exposed to many HTTP-based attacks.
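The weakness described above, media fetched over plain HTTP, can be checked for in any app by auditing the requests it makes on a test device. The following is an added example, not code from Mysk or TikTok; the hosts, field names and sample entries are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urljoin, urlsplit

MEDIA_PREFIXES = ("video/", "image/", "audio/")

# Constructed sample: requests exported from an intercepting proxy on a
# test device. Hosts and field names are placeholders (assumptions).
SAMPLE_REQUESTS = [
    {"url": "https://api.example.test/feed", "content_type": "application/json"},
    {"url": "http://cdn1.example.test/v/123.mp4", "content_type": "video/mp4"},
    {"url": "HTTP://cdn1.example.test/img/avatar.jpg",
     "content_type": "image/jpeg; charset=binary"},
    {"url": "https://cdn2.example.test/v/456.mp4", "content_type": "",
     "location": "http://cdn3.example.test/v/456.mp4"},
    {"url": "https://cdn2.example.test/v/789.mp4", "content_type": "video/mp4"},
    {"url": "http://cdn1.example.test/config.json", "content_type": "application/json"},
]

def is_media(content_type):
    """True for video/image/audio responses, ignoring case and parameters."""
    return content_type.strip().lower().startswith(MEDIA_PREFIXES)

def audit_cleartext_media(requests):
    """Return {host: [finding, ...]} for media that travels over plain HTTP."""
    findings = defaultdict(list)
    for req in requests:
        parts = urlsplit(req["url"])  # scheme and hostname come back lowercased
        if parts.scheme == "http" and is_media(req.get("content_type", "")):
            findings[parts.hostname].append(f"cleartext media fetch: {parts.path}")
        # An HTTPS request that redirects to http:// loses its protection too.
        location = req.get("location")
        if parts.scheme == "https" and location:
            target = urlsplit(urljoin(req["url"], location))
            if target.scheme == "http":
                findings[target.hostname].append(
                    f"redirect from https://{parts.hostname} downgrades to HTTP: {target.path}")
    return dict(findings)

if __name__ == "__main__":
    for host, items in audit_cleartext_media(SAMPLE_REQUESTS).items():
        for item in items:
            print(f"{host}: {item}")
```

Any host this reports is one whose responses a forged DNS answer on the local network could substitute without the app noticing.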