Accounts on Chingari, the Indian TikTok rival, can be hijacked easily without usernames or passwords


Researcher says accounts on Indian TikTok rival Chingari can be hacked easily through a critical flaw

Chingari has been developed by a Chhattisgarh-based developer and is billed as the Indian version of TikTok, which is popular in the world of digital entertainment. Along with its Bhilai-based chief of product, Sumit Ghosh, the app also has developers from Odisha and Karnataka. Well, the best part of the app is that it also shares Trending news, Entertainment news, Funny videos, Video Songs, Wishes, Love quotes, Status Videos, Good morning, Good night Shayaris, Clips and Memes.

According to Girish Kumar, a cybersecurity researcher, the Indian TikTok rival contains a critical, easy-to-exploit authentication flaw. This allows anyone to hack any Chingari user's account and harm their information, content, and uploaded videos.

Chingari also has features like trending news, entertainment news, funny videos, video songs, wishes, love quotes, status videos for WhatsApp, etc. So far, over 10,000 creators are making entertaining content using this platform every day.

When a user downloads the Chingari app for Android or iOS, it asks them to register an account, which uses the basic profile details of their Google account. According to Girish, the Chingari app uses a randomly generated user ID to fetch profile information and other data from the server, without using any token for user authentication.

According to the video posted by Girish, not only can a victim's user ID be retrieved, but an attacker can also substitute it into HTTP requests to get all of the account's information. The app also has a feature that lets users turn off comments and sharing on a post, and that is vulnerable too: it can be bypassed simply by tweaking the HTTP response ({"share": false, "comment": false}), which makes it possible for hackers to share and comment on restricted videos.
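The server-side fix for both problems described above, as an added example that is not Chingari's code: identity is taken from a server-issued session token instead of the user ID in the request, and the comment flag is enforced on the server when the action is attempted. The data model, function names and status codes are assumptions for illustration.

```python
import secrets

# Constructed sample data; field names are assumptions, not Chingari's schema.
USERS = {
    "u1001": {"name": "alice", "email": "alice@example.test"},
    "u1002": {"name": "bob", "email": "bob@example.test"},
}
POSTS = {"p1": {"owner": "u1001", "share": False, "comment": False}}
SESSIONS = {}  # token -> user_id, held only on the server


def login(user_id):
    """Issue an unguessable session token after an (assumed) successful sign-in."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def get_profile_vulnerable(request):
    # Flawed pattern: the caller's identity is whatever user ID the client sends.
    return 200, USERS[request["user_id"]]


def get_profile_hardened(request):
    # Identity comes from the session token; the requested ID must match it.
    caller = SESSIONS.get(request.get("token"))
    if caller is None:
        return 401, None
    if request["user_id"] != caller:
        return 403, None
    return 200, USERS[caller]


def add_comment(request, post_id):
    # The flag is checked on the server at action time, so editing the
    # {"share": false, "comment": false} response on the client changes nothing.
    caller = SESSIONS.get(request.get("token"))
    if caller is None:
        return 401
    if not POSTS[post_id]["comment"]:
        return 403
    return 201
```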

The Chingari team confirmed to THN that the issue will be patched with the release of Chingari version 2.4.1 for Android and 2.2.6 for iOS, expected to be rolled out to millions of its users via the Google Play Store and Apple App Store starting today.

All users are advised to update the Chingari app as soon as possible.

