Hacks

TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. Cybersecurity researchers at Check Point revealed that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent. The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including: delete any videos from victims' TikTok profile, upload un...

RCS expanded as Rich Communications Services is the next generation SMS protocol aimed to replace the SMS and MMS services. It was taken over by GSM Association in the year February 2008. Starting from April 2018 Google started integrating RCS with its instant messaging mobile app Google Allo. RCS is the IP-based messaging service based on SIP and HTTP to provide various services such as group chats, video calls, file transfers and more. RCS Hacking Attacks According to the Security Research Labs report with some implementations RCS functionality not properly protected and it allows a range of different hacking attacks. The improper implementation of RCS functionality in many networks let hackers gain complete control over the user accounts by stealing RCS configuration files that include SIP and HTTP credentials. The implementation lack in certificate and domain validation which allows an attacker to intercept and manipulate communication in the middle and they also fa...

Researchers discovered a massive hacked database online that exposed tens of millions of SMS text messages, and private data belongs to a U.S company TrueDialog. TrueDialog is an American communication company that offering SMS texting solutions to companies such as businesses, universities, and colleges in the USA. Companies claim that they provide Enterprise-grade SMS Texting service, but this massive data leak indicates and leads to huge risks for their customers who have sent and received an SMS for a year of the period. By holding an unsecured database, TrueDialog leaked millions of people’s sensitive data across the USA, and the researchers confirmed that the unprotected database belongs to TrueDialog by finding the evidence of their Host ID “api.truedialog.com”. Discovered database, Also contains millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more. Since the uncovered database huge volume of data, there is n...