Chingari responds to being called ‘easily hackable’, shares app updates with security patch | Tech News

Chingari responds to being called ‘easily hackable’, shares app updates with security patch

An ethical hacker showed how easily Chingari could be hacked and anyone could get access and take over any user's account irrespective of the device and the OS. 

By: HT TECH
| Updated on: Aug 20 2022, 21:49 IST
Chingari has a vulnerability that allows it to be easily exploited and anyone can hijack any user account on any smartphone and ‘tamper’ with user information, content and even upload videos.
Chingari has a vulnerability that allows it to be easily exploited and anyone can hijack any user account on any smartphone and ‘tamper’ with user information, content and even upload videos. (HT Tech)

Chingari, the TikTok clone that suddenly got very popular across the country thanks to TikTok getting banned by the Indian government, is allegedly really easy to hack. The app has a vulnerability that allows it to be easily exploited and anyone can hijack any user account on any smartphone and ‘tamper' with user information, content and even upload videos.

This report comes courtesy The Hacker News (THN) that shared a video showing exactly how easily this could be done. New users can register an account on the Chingari app on both iOS and Android by granting the app a basic profile access to their Google accounts, the report states.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

While many other apps also do this, Girish Kumar, a cybersecurity researcher at Encode Middle East firm in Dubai, told THN that Chingari uses a randomly generated user ID to fetch profile information of the user along with other data from the server without relying on a secret token for user authentication and authorisation.

Also read
Looking for a smartphone? To check mobile finder click here.

Kumar shared a video that shows how easily the user ID can be retrieved and be replaced by a hacker in HTTP requests to gain access to account information. He also told THN that once the victim's account is compromised, the attacker can change any and all information and also upload videos - essentially, the hacker gets full access to the account.

Besides this, Chingari also has another feature that allows users to turn off video sharing and comments and this can be bypassed by changing the HTTP response code allowing pretty much anyone to share and comment on restricted videos.

Kumar informed Chingari about these issues and the company has responded today with a security patch -

“There was a security issue in Chingari (V 2.4.0 and below). The issue was notified to us 24 hours ago has been addressed and patched already by the team. We have pushed updates both on Play Store & App Store with fixes. The old app may not work as we have shut down the vulnerable APIs. It is advisable to update the app to the latest version. Rest assured your sensitive data like email etc are not compromised. No user data was compromised due to this vulnerability,” the company said in a statement today.

Version 2.4.1 for Android and 2.2.6 for iOS comes with the security fix and if you are using Chingari we suggest you update your app immediately.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 11 Jul, 19:45 IST
Trending:
NEXT ARTICLE BEGINS

Best Deals For You