security

Mitron App’s Security Flaw Lets Hackers Access User Accounts In Seconds: Report – Mashable India


Mitron, a video-making app, has been gaining immense popularity among the Indians as a rival of popular video app TikTok. The app has already crossed over 5 million downloads on the Google Play Store with an average rating of 4.7 stars. However, it has come to light that the app has a major security vulnerability that lets threat actors exploit users’ accounts by easily bypassing account authorization.

SEE ALSO: TikTok Ratings Bump Up To 4.4 Stars On Play Store As Google Cleans Up Mass Negative Reviews

As first brought to light by the Hacker News, cybersecurity researcher, Rahul Kankrale, revealed that this security flaw lies in the app’s ‘Login with Google’ feature. This feature requires user’s permission to access their profile information via Google account when they’re signing up. However, it doesn’t make use of any secret tokens required for authentication of the user. So, an attacker simply needs to know the victim’s unique user ID and they’ll be able to access the account without requiring any password.

By exploiting this feature, anyone can easily gain access to a user’s account where they can then follow others and comment on different videos through this account. Moreover, the report states that this security vulnerability has not yet been patched and there isn’t even any privacy policy or terms of use on the app, which makes it very unsafe to use.

SEE ALSO: This TikTok clone is number one on the App Store. But is it all smoke and mirrors?

Add to this the fact that Mitron is not made by Indian developers instead it was bought from a Pakistani software development company, Qboxus, for $34 i.e. Rs 2,600. Mitron app’s entire source code was bought from Qboxus along with its features and the user interface, after which it was rebranded as ‘Mitron’ in India. In fact, Mitron developers have taken the exact product from Qboxus and have not changed anything in the interface.

As a precautionary measure, users are advised to uninstall the app as it can put your account and data to risk.



READ SOURCE

Leave a Reply