Security News > 2020 > April > TikTok users beware: Hackers could swap your videos with their own
Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos".
We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.
Mysk and Haj Bakry's post includes some short videos showing fake coronavirus news videos inserted into the TikTok app where you certainly wouldn't expect to see them.
They delivered their "Fake news" by booby-trapping their own network router to redirect requests from TikTok's CDN to use their own video server instead. But if the TikTok app were using HTTPS throughout, that sort of deception would be considerably more difficult because their router would not have the right HTTPS certificate to vouch for their swapped-out content, so the app would reject it.
If you are worried about how much others on your network might learn about you by eavesdropping on your TikTok viewing habits, stop using the TikTok app and stick to the website instead. For the TikTok programmers.