TikTok's Unencrypted Service Creates Threat to User Privacy
Exposing your personal data and allowing hackers to swap your videos out.
A new study from two developers Tommy Mysk and Talal Haj Bakry reveal that TikTok‘s current system for transferring data is rather vulnerable to hackers.
The two explain that TikTok currently uses a system called Content Delivery Networks (CDNs) in order to transfer data around the globe, and in order to enhance its performance, the CDNs will rely on HTTP. Unfortunately, unlike the more secure HTTPS, HTTP is not encrypted, meaning it’s more readily penetrable by hackers. “Any router between the TikTok app and TikTok’s CDNs can easily list all the videos that a user has downloaded and watched, exposing their watch history,” the two write. “Public Wifi operators, Internet Service Providers, and intelligence agencies can collect this data without much effort.”
Aside from data collection, HTTP also opens to door for hackers to swap in fake videos after your upload. To demonstrate this, the duo were able to upload a video onto the World Health Organization’s official TikTok account which shared false coronavirus information. They were also able to replicate this with other verified accounts, including the Red Cross and even TikTok’s very own channel. “If a popular DNS server was hacked to include a corrupt DNS record…misleading information, fake news, or abusive videos would be viewed on a large scale,” they said. “This is not completely impossible.”
Unlike TikTok, however, other social media platforms such as Facebook, Instagram, YouTube, Twitter and Snapchat have all moved to HTTPS.
To learn more about their findings, head over to the developers’ blog post now.
In other tech-related news, Instagram livestreams can now been viewed on your web browser.
