Technology
Security flaw in Indian short video platform Chingari allows hackers access to user accounts – Livemint
Attackers could use the vulnerability to gain access to their accounts and change their account settings or even upload content on their behalf.
A security flaw has been found in Indian short-video app, Chingari, which has garnered millions of downloads following the Indian governments ban of TikTok and 58 other Chinese apps. Girish Kumar, who works at cybersecurity firm Encode, demonstrated the vulnerability via a video on YouTube, showing how attackers could take over user accounts by exploiting it.Kumar told HackerNews, which first reported the vulnerability, that targeted users did not need to be involved in order for the hack to work. Attackers could use the vulnerability to gain access to their accounts and change their account settings or even upload content on their behalf.
The company acknowledged the flaw and said it has addressed and patched the same in the 24 hours since it was notified about it. The flaw was in version 2.4.0 and below of the app, according to the companys statement. We have pushed updates on both Play Store and App Store with fixes,” the company said. The updates are still pending for approval by Google and Apple.
The company also said that the affected versions may stop working since the company has shut down the application programming interfaces (APIs) associated with them. It is advisable to update the app to the latest version. Rest assured that your sensitive data like email etc. are not compromised. No user data was compromised due to this vulnerability,” the statement said.
Chingari is amongst the many Indian apps that have benefitted from the ban on TikTok and accompanying Chinese apps by the Indian government. The company has amassed over 19 million downloads in under two weeks. Its founder, Sumit Ghosh, had earlier told Mint that the company is enroute to raising funds right now.
Another Indian clone of TikTok, Mitron, had also been found to be vulnerable back in May. Like Chingari, that vulnerability also allowed attackers to log in to a users account without their intervention.
..
Click here to read the Mint ePaperLivemint.com is now on Telegram. Join Livemint channel in your Telegram and stay updated
Topics
-
Noosa News21 hours agoLogan City Council to pull out of federal government Climate Active program due to financial pressure, transparency concerns
-
General18 hours agoFour charged over alleged six-hour gang rape of girl in south-west Sydney
-
Noosa News15 hours agoPolice officer found not guilty of using restricted database to track former partner
-
Business22 hours agoAiming for rock-solid retirement income? I’d buy these two ASX shares