Mitron App, an Emerging TikTok Alternative, Said to Have Vulnerability That Puts User Accounts at Risk

Mitron app, which was released as an alternative to TikTok and has gained notable popularity in a short time, allegedly has a vulnerability that could allow an attacker to compromise user accounts and send messages on behalf of a particular user. The flaw doesn't allow a bad actor to steal personal information such as the email ID that a user has used to sign up for an account on the Mitron app. However, it can be exploited to gain access to the profile of the affected user. The Mitron app is so far exclusive to Android and has reached around fifty lakh downloads on Google Play.

By exploiting the vulnerability in the Mitron app, an attacker could send messages to other users and even follow other people or comment on behalf of the victim, cyber-security researcher Rahul Kankrale told Gadgets 360. He said the issue exists in the login process of the app, which allows bad actors to intercept and obtain the unique user ID of the victim. That ID can then be used to log in to the victim's account without requiring any password or further verification.

Kankrale also explained that the developer of the Mitron app isn't using the Secure Sockets Layer (SSL) protocol to secure the login. Although the app does allow users to log in with their existing Google accounts, it processes the login through the unique user ID instead of using the provided Google account, he added.
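The login pattern described above, shown beside a hardened form, as an added example that is not the Mitron app's code. All names, the sample account and the HMAC-signed assertion (a stand-in for verifying a Google ID token against Google's keys) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one account, keyed by its user ID.
ACCOUNTS = {"1001": {"email": "victim@example.com"}}
SESSIONS = {}

# Stand-in for the identity provider's signing key (assumption). A real
# backend would verify the provider's signed ID token instead.
IDP_KEY = secrets.token_bytes(32)


def _sign(email):
    return hmac.new(IDP_KEY, email.encode(), hashlib.sha256).hexdigest()


def idp_issue_assertion(email):
    """Hypothetical identity provider: signs the e-mail it authenticated."""
    return f"{email}|{_sign(email)}"


def _new_session(user_id):
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def login_by_user_id(user_id):
    """Flawed pattern: knowing the user ID is enough to open a session."""
    if user_id in ACCOUNTS:
        return _new_session(user_id)
    return None


def login_by_assertion(user_id, assertion):
    """Hardened: the session depends on a verified identity, not on the ID."""
    email, _, tag = assertion.rpartition("|")
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _sign(email).encode()):
        return None
    account = ACCOUNTS.get(user_id)
    # The verified e-mail must belong to the account being opened.
    if account is None or account["email"] != email:
        return None
    return _new_session(user_id)
```

In the hardened handler the user ID is only a lookup key, so intercepting it does not yield a session; the login exchange still needs transport encryption so that the assertion and session token cannot be captured in transit.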

He has also made a video showing the scope of the vulnerability, which is yet to be fixed. He initially informed security-focused website The Hacker News about the vulnerability.

Gadgets 360 did not receive a response from the email address provided on the Google Play listing of the Mitron app when it sought clarity on the flaw.

The Mitron app came into the limelight as an India-made answer to counter TikTok. Some reports claimed that it was made by a student of IIT Roorkee. However, on Friday, it was reported that the app is not made in India and came from a Pakistani software development company, Qboxus.

Gadgets 360 doesn't recommend that anyone install and use an app that doesn't have any clarity about its makers and has at least one significant vulnerability that is yet to be fixed.



Maria J. Danford
