TikTok, a short video app downloaded more than a billion times on the Google Play Store, has caused a big bug. Hackers can share fake videos on the timeline of any users by taking advantage of this bug of TikTok. This bug has been revealed in TikTok by two iOS developers, although it has not yet made any statement on this report.
Developers claim that TikTok uses Unsecure (unsafe) HTTP to download media files and that hackers can take advantage of this HTTP to share fake videos from your account, as unencrypted HTTP traffic can be easily tracked. It is and can also be changed.
The developers, Talal Hajj Beri and Tommy Misk (Mysk), have stated in a blog post that hackers can change the videos shared by Ticketock users due to the use of unsafe HTTP. The blog claimed that it is possible to tamper with the verified account as well.
The blog states that social media platforms such as TicketLock depend on external servers, ie Content Delivery Networks (CDNs). The app uses unencrypted HTTP for video transfer, which can easily lead to hacking.
The report claims that the video can be changed when TikTok video traffic passes through the Wi-Fi router, due to unencrypted HTTP. It is being said that it is possible to change the profile picture along with the video, photo.