TikTok is currently under the microscope for its weak security system in handling user data. It vows to implement a stronger network to protect its users.
TikTok has been a global phenomenon, and not just for the younger generation. The funky app, which allows its users to take funny and creative videos, also got millions of adults that enjoy music and dancing.
In a 2019 data, TikTok has a total of 1.5 billion downloads across all devices. It has over 800 million active users, and a total of 1.5 billion viewed videos every day.
The sheer amount of data available for the company is unimaginable; as such, the United States government has warned its personnel from using the app indiscriminately.
The Chinese company has also come under fire recently. This is because the Chinese government may force the hand of the company to disclose data for the Central Government’s use.
Insecure HTTP server
TikTok relies on Content Delivery Networks (CDN) to transmit videos to its users from the company’s servers. It is through these networks that the company is also able to receive data from all of its user base.
Unfortunately, the widely successful company hasn’t had the foresight to use a secure line to do the transmission. TikTok apparently only uses HTTP.
Given this insecure line, hackers are able to insert malicious videos and content in TikTok users’ feed. They do this by intercepting the transfer of data between TikTok’s servers and users’ phones.
The danger in this interception is the spread of misinformation or propaganda to TikTok users. The wide base of the people using it is vulnerable to being exposed to ill-minded attacks by certain people or organizations.
#TikTok still uses plain HTTP. I used this vulnerability to post spam videos about #COVID19 on @WHO feed.
Both #iOS and #Android apps displayed the spam.Check this video out: pic.twitter.com/RrBwBwKbxw
— Tommy Mysk (@tommymysk) April 13, 2020
Multiple ways of interference
The app data has to be transported through multiple steps in order to reach its end users. In every step of the way, hackers may simply intercept the actual video content for an infiltrated video.
These steps include interference from Wi-Fi operators, Internet Service Providers, VPN providers, and even the Government and Intelligence agencies.
With just HTTP in place for the transmission of data, all these four entities can swap out real TikTok contents for fake ones.
We tricked #TikTok to connect to our fake server. We hijacked the timeline so the app shows spam videos about #COVID19#Security #Cybersecurity #Hacking
For more on this: https://t.co/0e7RGyleIW pic.twitter.com/49BbkYbunq— Mysk (@mysk_co) April 13, 2020
TikTok to implement HTTPs soon
The company has vowed to protect the secrecy of its users’ data. The ‘s’ in the HTTP simply stands for secure. Although not actually tamper-proof, the HTTPs servers provide more secure transmission of data.
Hackers must implement multiple folds of decryption just to get access to users’ data.
Unfortunately, the promise seems to be an empty one from the company. Several hackers have attempted to do multiple interceptions. They even brought to twitter a sample of their work.
Fortunately, on the other hand, the hacks were just to show the vulnerability of the app, and not really for propaganda.
Image courtesy of Scott Webb/ Unsplash