Mitron, the popular TikTok rival that has shot to fame in the past few days, apparently has a vulnerability that lets hackers take control of user accounts and even send messages on their behalf. In addition, the attacker can follow other users or post comments from the hacked account, cyber-security researcher Rahul Kankrale told Gadgets 360. According to Kankrale, the vulnerability lies in the app's login process itself, which lets attackers take control of a user account without knowing the password or going through any other verification step.

As mentioned in the report, the Mitron app also does not use the Secure Sockets Layer (SSL) protocol for login. The app does allow users to log in with their Google credentials, but it still uses its own unique user ID for the login process instead of the Google account. Kankrale has also made a video about it.

This is the second time that Mitron has ‘fooled’ its customers. The first was when it emerged that the app is not ‘Indian’ but was made in Pakistan and is a repackaged version of TicTic. Irfan Sheikh, the founder and CEO of Qboxus, has confirmed that Mitron’s promoter purchased the source code for $34 (approximately ₹2,600). Qboxus has previously developed apps such as TicTic, which is a spin-off of TikTok. Sheikh claimed that the owners of the Mitron app did not make any changes to the source code. He also objected to people calling Mitron an India-made app.

Earlier, MitronTV had raced to the top of the Google Play Store charts with over 5 million downloads and a 4.7 rating. Mitron's growth came at a time when TikTok was being bashed by users with 1-star ratings and millions of negative reviews.