What you need to know
- TikTok is big. Really big.
- But it isn't without its problems, including security flaws.
- The latest allows bad actors to make fake videos appear as if from trusted accounts.
TikTok is hot right now but it's already had a security scare after it turned out the app could read your iPhone's clipboard without your knowledge. Now things are even worse – people can create fake videos and make them appear as if they came from verified and trusted accounts.
The revelation came after developers Talal Haj Baktry and Tommy Mysk shared details about their escapades in a blog post. The gist is surprisingly simple – TikTok pulls videos from a content delivery network (CDN) via a standard HTTP connection. That means there's no encryption. And that means the whole thing can be spoofed.
Both Apple and Google give developers a way to opt out of encrypted connections so they can maintain backward compatibility where needed. TikTok seems to be using this opt-out for reasons unknown, and in doing so it opens itself up to all kinds of problems. TikTok for iOS (Version 15.5.6) and TikTok for Android (Version 15.7.4) still use unencrypted connections.
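The kind of opt-out described above can be checked for in an app's own configuration before it ships. This is an added example, not code from the article or the developers' blog post: it assumes the standard App Transport Security keys in an iOS Info.plist and the `cleartextTrafficPermitted` attribute in an Android network security config, and the sample files and `media.example.com` are constructed.

```python
import plistlib
import xml.etree.ElementTree as ET

# App-wide ATS switches that re-enable cleartext HTTP (standard Info.plist keys).
ATS_GLOBAL = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsForMedia",
              "NSAllowsArbitraryLoadsInWebContent")

# Constructed sample inputs; media.example.com is a placeholder host.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>NSAppTransportSecurity</key><dict>
  <key>NSAllowsArbitraryLoadsForMedia</key><true/>
  <key>NSExceptionDomains</key><dict><key>media.example.com</key><dict>
    <key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict></dict>
</dict></dict></plist>"""

SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">media.example.com</domain>
  </domain-config>
</network-security-config>"""

def audit_info_plist(data: bytes) -> list:
    """List every ATS setting in an Info.plist that allows plain HTTP."""
    ats = plistlib.loads(data).get("NSAppTransportSecurity", {})
    findings = [f"ios: {k} is enabled" for k in ATS_GLOBAL if ats.get(k) is True]
    # Per-domain exceptions are how an app typically exempts a few media hosts.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"ios: HTTP allowed for {domain}")
    return findings

def audit_network_security_config(xml_text: str) -> list:
    """List every base-config/domain-config block that permits cleartext."""
    findings = []
    for cfg in ET.fromstring(xml_text).iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        if cfg.get("cleartextTrafficPermitted") != "true":
            continue
        domains = [d.text.strip() for d in cfg.findall("domain") if d.text]
        scope = ", ".join(domains) if domains else "all hosts"
        findings.append(f"android: cleartext permitted for {scope}")
    return findings

if __name__ == "__main__":
    for line in audit_info_plist(SAMPLE_PLIST) + audit_network_security_config(SAMPLE_NSC):
        print(line)
```

An empty result from both functions means the app has not opted out of encrypted connections in these two files.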
So the two developers set about creating their own server and pointing their DNS server at it. That meant that any request for one of TikTok's three media servers went to a server that was owned by the developers. And then they went to work.
The result? See for yourself.
This threat does require that someone have access to the DNS server your device is using. But that's easier than you might think. Internet Service Providers, unscrupulous VPN companies, governments, and more could all tamper with DNS entries. Especially if you happen to live in certain parts of the world.
With "around 800 million monthly active users," TikTok really ought to up its game. And fast.
Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.