The Coronavirus situation forced people around the world to stay in their homes. As a result, many social networks and chat services saw spikes in active users as people searched for a way to stay connected during the lockdown. The increased traffic, however, underlined security issues in some platforms, like Zoom's Company Directory feature, which allowed users to have access to contacts with the same custom domain name, exposing the personal data of thousands of people.
Now a duo of iOS developers known as Mysk has exploited a vulnerability in the video-sharing network TikTok to swap content and show fake COVID-19 videos, Android Authority reports. The two iOS developers performed a simple hack made possible by the less secure HTTP protocol TikTok uses. Mysk was able to swap videos published by verified accounts with fake ones and then show them to users on the local network.
The hackers basically posted fake COVID-19 information, and it appeared under the World Health Organization's TikTok account. Fortunately, this was all done in a closed environment, and no actual users saw the fake videos. Mysk published a detailed description of the vulnerability on its blog. And while the ethical hackers exploited the issue only to highlight a security problem, malicious individuals won't hesitate to use it for their own dark purposes.
The vulnerability affects the TikTok Android app version 15.7.4 and iOS app version 15.5.6.
