Technology
Security flaw in Indian short video platform Chingari allows hackers access to user accounts – Livemint
Attackers could use the vulnerability to gain access to their accounts and change their account settings or even upload content on their behalf.
A security flaw has been found in Indian short-video app, Chingari, which has garnered millions of downloads following the Indian governments ban of TikTok and 58 other Chinese apps. Girish Kumar, who works at cybersecurity firm Encode, demonstrated the vulnerability via a video on YouTube, showing how attackers could take over user accounts by exploiting it.Kumar told HackerNews, which first reported the vulnerability, that targeted users did not need to be involved in order for the hack to work. Attackers could use the vulnerability to gain access to their accounts and change their account settings or even upload content on their behalf.
The company acknowledged the flaw and said it has addressed and patched the same in the 24 hours since it was notified about it. The flaw was in version 2.4.0 and below of the app, according to the companys statement. We have pushed updates on both Play Store and App Store with fixes,” the company said. The updates are still pending for approval by Google and Apple.
The company also said that the affected versions may stop working since the company has shut down the application programming interfaces (APIs) associated with them. It is advisable to update the app to the latest version. Rest assured that your sensitive data like email etc. are not compromised. No user data was compromised due to this vulnerability,” the statement said.
Chingari is amongst the many Indian apps that have benefitted from the ban on TikTok and accompanying Chinese apps by the Indian government. The company has amassed over 19 million downloads in under two weeks. Its founder, Sumit Ghosh, had earlier told Mint that the company is enroute to raising funds right now.
Another Indian clone of TikTok, Mitron, had also been found to be vulnerable back in May. Like Chingari, that vulnerability also allowed attackers to log in to a users account without their intervention.
..
Click here to read the Mint ePaperLivemint.com is now on Telegram. Join Livemint channel in your Telegram and stay updated
Topics
-
Noosa News20 hours agoBrisbane council budget 2025: Winners and losers
-
Noosa News23 hours agoSuspicious fire, Glenview – Sunshine Coast
-
Business15 hours ago3 of the best ASX stocks to buy now with $2,500
-
Noosa News14 hours agoRapist who tortured woman for weeks claims he deserves a lighter sentence for not letting her die