A security researcher has discovered a critical flaw in the Mitron app, the newly trending TikTok alternative app.
The vulnerability was discovered by security researcher Rahul Kankrale. It allows anyone to gain access to a user's account and send messages or follow other users in a few seconds.
The Mitron app, considered an alternative to TikTok, was downloaded over 5 million times within 48 days of its release on the Google Play Store.
The issue lies in the app's login feature, which uses Google Login but does not generate any secret token for authentication.
An attacker can log in to a victim's account simply by obtaining the victim's unique user ID, which is readily available in the page source.
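To make the flaw class concrete, here is an added illustration (constructed for this article, not code from the Mitron app or the researcher) of a login handler that trusts a client-supplied user ID beside one that first verifies a signed identity assertion. The HMAC tag, the demo key and the user table are assumptions so the example runs offline; a real Google Sign-In ID token is an RS256-signed JWT checked against Google's published keys.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo user table, keyed by the public user ID that the article
# says is visible in page source.
USERS = {"u-1001": {"name": "alice", "google_sub": "sub-alice"}}


def login_vulnerable(request):
    """Reconstruction of the flaw class: the client names a user ID and nothing
    else is checked, so knowing the ID is enough to obtain a session."""
    user_id = request.get("user_id")
    if user_id in USERS:
        return {"session_for": user_id}
    return None


# Hardened variant: the client must present an identity assertion that the
# server verifies cryptographically before mapping it to a local account.
# Real Google Sign-In verification would use the google-auth library
# (google.oauth2.id_token.verify_oauth2_token); an HMAC tag stands in here.
DEMO_KEY = b"constructed-demo-key"  # assumption: shared demo secret


def mint_assertion(google_sub):
    """Issues a toy assertion; stands in for the identity provider."""
    body = json.dumps({"sub": google_sub}).encode()
    tag = hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()
    return base64.b64encode(body).decode() + "." + tag


def verify_assertion(token):
    """Returns the verified subject, or None for malformed or forged tokens."""
    try:
        b64, tag = token.split(".")
        body = base64.b64decode(b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body).get("sub")


def login_hardened(request):
    sub = verify_assertion(request.get("id_token", ""))
    if sub is None:
        return None
    # Resolve the account from the verified subject, never from a client-chosen ID.
    for uid, user in USERS.items():
        if user["google_sub"] == sub:
            return {"session_for": uid, "session": secrets.token_hex(16)}
    return None
```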
The researcher has also published a video demonstrating the attack, which is shown below:
While reviewing the application's code, the researcher also found code from the TicTic app, which is said to be a clone of TikTok. The Mitron app had been rumoured to be Indian-made.
TicTic is an application created by a Pakistani software company named Qboxus, which sells its source code for buyers to customize.
The researcher tried to notify the developer about the flaw but was not able to reach them and reported it to The Hacker News.
The flaw is yet to be patched; users are advised not to download the app until then. Users who have already installed it are requested to revoke the access it was granted to their Google profile immediately.
Update: As of now, the Mitron app has been removed from the Google Play Store; neither Google nor the app developer has revealed anything about the removal.
Users who have installed the application are requested to uninstall it immediately.