Maharashtra cyber cell has issued an advisory for the TikTok-rival Mitron app users. It says that the app has a major security vulnerability which exposes user’s accounts to hackers and threat actors. Issued via a post on microblogging site Twitter, the advisory says that anyone can log into any targeted Mitron user account just by knowing the user ID without entering the password.

For the unversed, the Mitron app has recently been removed from Google Play Store over security concerns.

The Mitron app allows users to sign in using their existing Google account with its ‘Login with Google’ feature. Once downloaded, the app asks users’ permission to access their profile information via Google account while signing up. Further, the app does not use any Secure Sockets Layer (SSL) protocol for the login. This exposes Mitron user’s profiles to hackers who can log into the account without knowing the password, as mentioned above. The hackers then take control of the user’s account, send messages and comment on their behalf.

Here’s the post shared by the Maharashtra IT cell on Twitter.

Another major concern raised by the state’s IT cell is that the Mitron app is a re-packaged version of the Tic Tic app created by a Pakistani software development company Qboxus. Vulnerability of this rebranded has not been patched yet which makes it unsafe to use. Other concerns related with the app are the non-existence of its privacy policy, no terms of use and the owner of the app is unknown.

The state IT cell advises users who have already downloaded the app to uninstall as a precautionary measure to safeguard personal information and data risks. It further encourages people to check an app’s permissions and privacy policy before downloading. “Always look into applications and their developers — Are there credible reviews?.. If something feels “Phishy” or unusual, there is probably a reason for it,” reads the advisory.





READ NEWS SOURCE

LEAVE A REPLY

Please enter your comment!
Please enter your name here