Chingari App: Easily Hackable

July 21, 2020

With people turning to social media to keep up with trends and the latest news and updates, the Chinese app TikTok topped the list of apps banned from circulation in India. The app was a global trend: the platform lets users share short videos and information with everyone, and it supports comments and instant messaging. Using only a Google or iOS account through its open authentication module, anyone can use the app and join its growing community.

Amid the territorial dispute between India and China, the Indian government, by enforcing its Information Technology Act, banned TikTok and 58 other Chinese-developed apps distributed through the Google Play Store and the App Store. The government concluded that the ban was necessary because its cybersecurity experts deemed that the app could compromise an individual's privacy and could possibly be used by China for intelligence reconnaissance against the Indian government.

After the ban, a similar app, Chingari, developed by Globussoft, became popular, with over 10 million downloads on the Google Play Store in a few weeks. Although it had been distributed and available on the App Store since 2018, it only now became an overwhelming trend in India. Once it became popular, cybercriminals did not waste the opportunity to use it for malicious ends.

As with the vulnerability in TikTok's open authentication sequence, attackers can quickly gain access to a user's account simply by bypassing the authentication protocol. TikTok's developers are reportedly facing a similar case now. Because the app does not require a password or any other multi-layered verification for access, accounts are susceptible to compromise.

According to the presentation that Girish Kumar submitted to Globussoft, he was able to penetrate a few Chingari accounts and to deface, delete and upload videos and change the user's profile information; in layman's terms, he had full control of the infiltrated account.

In addition, he was able to suspend video and comment sharing on the sample account.

Upon receiving the report, the developer accepted the vulnerability and moved to mitigate it. They immediately released Chingari version 2.4.1 for Android and 2.2.6 for iOS in response to the exposed weakness in the app. They urged their users to download the latest version immediately and disabled the older API versions to address the security threat, as reports from other cybersecurity experts that the app was hosting malware scripts had also surfaced.

Although the developer accepted the reported weakness, they were firm that this is not a data breach. Because the app does not require personal or sensitive information from its users, they said that the server is intact and that no data leakage was found after their rigorous investigation and network scanning. Perpetrators could only tamper with an account, not steal data. They stand with the government's patriotic aim of protecting its people, especially from cybercrime attacks.
