Security News
Mobile health app Babylon, which states its company mission as putting "An accessible and affordable health service in the hands of every person on earth", has admitted to a software bug that went one step further than that. The user, named by the BBC as Rory Glover from Leeds in England, apparently used the app to check up on a prescription of his own, only to find that the "Consultation Replays" feature of the app contained a list of 50 videos for him to review.
A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.
Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos". We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.
The bug, which Google describes as a technical issue, was triggered when users requested a Google "Download your data" export. In the notification sent to the impacted users, Google reveals that those who used Takeout to download their data might have ended up with someone else's videos in their Google Photos backups.
During this time, some videos in Google Photos were incorrectly exported to unrelated users' archives. Conversely, being a two-way issue, affected users might notice any videos in their archive not belonging to them.
A bug in Google's Photo software caused potentially 100,000 or more netizens to have their personal videos exposed to complete strangers last Thanksgiving. The Chocolate Factory this week began notifying punters that a bug in its data-archiving tool Takeout was to blame for some accounts having their private videos shared with total strangers.
Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which "Some videos in Google Photos [service] were incorrectly exported to unrelated user's archives."
Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which "Some videos in Google Photos [service] were incorrectly exported to unrelated user's archives."
The logs record when someone uses the Peekaboo app and the specific action they took at a certain point in time, such as uploading data or content. Exposed data includes email addresses, detailed device data and often, links to photos and videos, all of which get stored on servers hosted by Singapore-based Alibaba Cloud.
TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. If the user clicked that malicious link, the attacker could access the user's TikTok account and, so Check Point said, manipulate its content by deleting videos, uploading new videos and making private or "Hidden" videos public.