Wednesday, 17 September 2025
28.5 C
Singapore
29.2 C
Thailand
19.3 C
Indonesia
27.6 C
Philippines

TikTok faces a challenge as hackers inject coronavirus videos in people’s accounts

Imagine this: you are scrolling your TikTok feed, and you all over sudden notice a video that you did not upload in your account. It turns out that this is possible after a team of software developers discovered a vulnerability on TikTok that allows hackers to swap videos. Talal Haj Bakry and Tommy Mysk shared their […]

Imagine this: you are scrolling your TikTok feed, and you all over sudden notice a video that you did not upload in your account. It turns out that this is possible after a team of software developers discovered a vulnerability on TikTok that allows hackers to swap videos.

Talal Haj Bakry and Tommy Mysk shared their findings in a post, which explained that the platform uses CDNs (Content Delivery Networks) to transfer their data across the world effectively. So as to improve their performance, these CDNs transfer the data over HTTP, which is unencrypted instead of choosing HTTPS, which is more secure and doesn’t put user’s data at risk.

“Any router between the TikTok app and TikTok’s CDNs can easily list all the videos that user has downloaded and watched, exposing their watch history,” Mysk wrote. “Public Wi-Fi operators, internet service providers, and intelligence agencies can collect this data without much effort,” he further added.

Since TikTok transfers data such as profile pictures and videos via HTTP, these developers found it susceptible to attacks. Basically, attackers could alter the content in transmission, then swap the real video on an account with a fake of their choosing.

They demonstrated how problematic this issue could be by inflicting a DNS attack on a local network. Using the discovered vulnerability, the developers uploaded a video that shared coronavirus misinformation and injected it into WHO’s (World Health Organization) TikTok account. They were also able to use the same process and upload fake videos on TikTok verified accounts such as the Red Cross.

To do it, the developers tricked the TikTok app into directing to a fake server that they had set up and mimicked the CDN servers of TikTok. “This can be achieved by actors who have direct access to the routers that users are connected to,” the duo explained in their post.

However, a malicious actor can use their method and cause some real damage. “If a popular DNS server was hacked to include a corrupt DNS record…misleading information, fake news, or abusive videos would be viewed on a large scale, and this is not completely impossible,” the developers explained.

Tommy Mysk confirmed that the decision to choose HTTP over HTTPS sets TikTok apart from high-profile platforms such as YouTube, Instagram, Facebook, Twitter, and Snapchat, which all transfer their data using HTTPS.

TikTok has always claimed that it is a secure platform, but several security flaws that have been discovered recently have led to some government workers in the US being banned from using the platform, and this latest security issue is definitely not good news for the company.

Hot this week

Coursera launches Skill Tracks to address workplace skill gaps

Coursera launches Skill Tracks to help organisations close skill gaps with role-based, data-driven learning across IT, data, software, and GenAI.

80% of Singaporeans use AI daily but few trust it for finance or mental health, survey finds

A Milieu Insight survey shows 80% of Singaporeans use AI daily but few trust it for financial or mental health advice.

Grammarly expands grammar support to Spanish, French and more languages

Grammarly now supports Spanish, French, Portuguese, German, and Italian, expanding its AI grammar tools to six core languages.

Canon unveils next-generation video production equipment to elevate cinematic storytelling

Canon launches EOS C50, RF85mm f/1.4L VCM, and CN5x11 IAS T R1/P1 to support next-generation video production and storytelling.

NetApp launches StorageGRID 12.0 to accelerate AI workloads and boost data security

NetApp introduces StorageGRID 12.0 with faster AI performance, simplified management, and stronger security for unstructured data.

Xiaomi teases Xiaomi 17 series ahead of Snapdragon Summit

Xiaomi teases Xiaomi 17 series with Pro and Pro Max models, likely to launch at Qualcomm’s Snapdragon Summit in late September.

Trump and Xi meet to decide TikTok’s future in the US

A Trump–Xi meeting this week will decide if TikTok stays in the US under a new ownership framework, ending months of uncertainty.

Epson Southeast Asia highlights circular economy progress in sustainability report

Epson’s FY2024 Southeast Asia sustainability report highlights emissions cuts, circular economy gains, and community programmes.

Proofpoint launches agentic AI solution for human communications intelligence

Proofpoint introduces its first agentic AI for Human Communications Intelligence, enabling real-time compliance and risk prevention.

Related Articles

Popular Categories