Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

May 30, 2020

Mitron (means “friends” in Hindi), you have been fooled again!

Mitron is not really a ‘Made in India’ product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords.

I am sure many of you already know what TikTok is; for those still unaware, it’s a highly popular video social platform where people upload short videos of themselves doing things like lip-syncing and dancing.

The wrath faced by Chinese-owned TikTok from all directions—mostly due to data security and ethnopolitical reasons—gave birth to new alternatives in the market, one of which is the Mitron app for Android.

The Mitron video social platform recently made headlines when the Android app gained over 5 million installations and 250,000 5-star ratings in just 48 days after being released on the Google Play Store.

Having popped up out of nowhere, Mitron is not owned by any big company, but the app went viral overnight, capitalizing on its name, which is popular in India as a greeting commonly used by Prime Minister Narendra Modi.

Besides this, PM Modi’s latest ‘vocal for local’ initiative to make India self-reliant has indirectly set up a narrative in the country to boycott Chinese services and products. The #tiktokban and #IndiansAgainstTikTok hashtags, trending due to the TikTok vs. YouTube battle and the CarryMinati roast video, also rapidly increased the popularity of Mitron.

Any Mitron User’s Account Can Be Hacked in Seconds

The fear that TikTok is a Chinese app and might allegedly have been abusing its users’ data for surveillance, unfortunately, led millions to blindly sign up for less trusted and insecure alternatives.

The Hacker News learned that the Mitron app contains a critical and easy-to-exploit software vulnerability that could let anyone bypass account authorization for any Mitron user within seconds.

The security issue, discovered by Indian vulnerability researcher Rahul Kankrale, resides in the way the app implemented the ‘Login with Google’ feature, which asks for users’ permission to access their profile information via their Google account while signing up but, ironically, doesn’t use it or create any secret tokens for authentication.

In other words, one can log into any targeted Mitron user profile just by knowing his or her unique user ID, which is a piece of public information available in the page source, and without entering any password—as shown in a video demonstration Rahul shared with The Hacker News.
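The flaw described above, reduced to its pattern and set beside a corrected handler, as an added example (not Mitron’s or TicTic’s code). The account table, client ID and function names are hypothetical, and a constructed HMAC-signed assertion stands in for Google’s signed ID token so the sketch runs offline.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed values. A real Google ID token is a JWT checked against Google's
# published keys; an HMAC-signed assertion stands in so this runs offline.
IDP_KEY = b"constructed-idp-key"
CLIENT_ID = "demo-client-id"               # hypothetical OAuth client ID
USERS = {"1001": "alice", "1002": "bob"}   # public user ID -> profile
SESSIONS = {}                              # secret session token -> user ID

def _sign(body, key):
    return base64.urlsafe_b64encode(hmac.new(key, body, hashlib.sha256).digest())

def issue_assertion(sub, aud=CLIENT_ID, ttl=300, key=IDP_KEY):
    """Identity-provider side: sign claims about the user who just signed in."""
    claims = {"sub": sub, "aud": aud, "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body, key)).decode()

def login_vulnerable(user_id):
    """The reported pattern: a public, client-supplied ID is the only credential."""
    return USERS.get(user_id)

def login_hardened(assertion):
    """Take identity only from a verified assertion, then mint a secret token."""
    try:
        body, sig = assertion.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(body, IDP_KEY)):
            return None                    # not signed by the identity provider
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None                        # malformed input, e.g. a bare user ID
    if claims.get("aud") != CLIENT_ID:     # issued for a different application
        return None
    if claims.get("exp", 0) < time.time(): # expired assertion
        return None
    if claims.get("sub") not in USERS:
        return None
    token = secrets.token_urlsafe(32)      # unguessable, server-issued
    SESSIONS[token] = claims["sub"]
    return token
```

In production the signature check would be done by the identity provider’s own verification library against its published keys; the checks that matter are the same: signature, audience, expiry, and a server-issued secret for every later request.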

Mitron App Was Not Developed; Instead Bought For Just $34

In separate news, it turns out that the Mitron app, promoted as a homegrown competitor to TikTok, has not been developed from scratch; instead, someone purchased a ready-made app from the Internet and simply rebranded it.

While reviewing the app’s code for vulnerabilities, Rahul found that Mitron is actually a re-packaged version of the TicTic app created by Qboxus, a Pakistani software development company that sells it as a ready-to-launch clone for TikTok, musical.ly or Dubsmash-like services.

In an interview with the media, Irfan Sheikh, CEO of Qboxus, said his company sells the source code, which the buyers are expected to customize.

“There is no problem with what the developer has done. He paid for the script and used it, which is okay. But, the problem is with people referring to it as an Indian-made app, which is not true, especially because they have not made any changes,” Irfan said.

Besides Mitron’s owner, more than 250 other developers have also purchased the TicTic app code since last year, potentially running a service that can be hacked using the same vulnerability.

Who is Behind the Mitron App? An Indian or a Pakistani?

Though the code has been developed by the Pakistani company, the real identity of the person behind the Mitron app (TicTic at heart, TikTok by face) has not yet been confirmed; however, some reports suggest it’s owned by a former student of the Indian Institute of Technology (IIT Roorkee).

Rahul told The Hacker News that he tried responsibly reporting the flaw to the app owner but failed, as the email address mentioned on the Google Play Store, the only available point of contact, is non-operational.

Besides this, the homepage for the web server (shopkiller.in), where the backend infrastructure of the app is hosted, is also blank.

Considering that the flaw actually resides in the TicTic app code and affects any other similar cloned service running out there, The Hacker News has reached out to Qboxus and disclosed details of the flaw before publishing this story.

We will update this article when we receive a response.

Is Mitron App Safe to Use?

In short, since:

  • the vulnerability has not yet been patched,
  • the owner of the app is unknown,
  • the privacy policy of the service doesn’t exist, and
  • there are no terms of use,

… it’s highly recommended that you simply do not install or use the untrusted application.

If you’re among those 5 million who have already created a profile with the Mitron app and granted it access to your Google profile, revoke it immediately.

Unfortunately, there’s no way you can delete your Mitron account yourself, but the hacking of a Mitron user profile would not have a severe impact unless you have at least a few thousand followers on the platform.

However, keeping an untrusted app installed on your smartphone is not a good idea and could put your data from other apps and sensitive information stored on it at risk, so users are advised to uninstall the app for good.


Credit: The Hacker News By: noreply@blogger.com (Unknown)
