Security News

Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. Popped out of nowhere, Mitron is not owned by any big company, but the app went viral overnight, capitalizing on its name that is popular in India as a commonly used greeting by Prime Minister Narendra Modi.

Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. Popped out of nowhere, Mitron is not owned by any big company, but the app went viral overnight, capitalizing on its name that is popular in India as a commonly used greeting by Prime Minister Narendra Modi.

A coalition of consumer groups filed a complaint Thursday with US regulators claiming the popular video app TikTok has failed to live up to an agreement last year limiting data collection from children. The 20 organizations said in a Federal Trade Commission complaint that TikTok continues to collect data on children under 13 without parental consent despite a February 2019 US court settlement.

The complaint alleged that TikTok violated a previous agreement with the FTC, where it had vowed to remove all videos previously uploaded by children under the age of 13 and make stronger efforts to request parental consent when collecting children's personal data. TikTok's previous agreement came after it was slapped with a $5.7 million FTC fine for violating the Children's Online Privacy Protection Act, which sets privacy rules for operators of websites or online services directed to children under 13 years of age.

On Friday, the Dutch Data Protection Authority announced that it's launched an investigation into how TikTok handles user privacy. The rise of TikTok has led to growing concerns about privacy.

More-popular-than-ever "Youngster" app TikTok has just announced a feature called Family Pairing. ICYMI, TikTok - which bills itself as TikTok, Make Your Day - is a video sharing service that lets you post and share fun videos up to 60 seconds long.

We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!

A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.

Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos". We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.

As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.