50 Lakh Mitron App Users At Risk: Mitron App Can Be Hacked In Seconds!

50 Lakh Mitron App Users At Risk: Mitron App Can Be Hacked In Seconds!
50 Lakh Mitron App Users At Risk: Mitron App Can Be Hacked In Seconds!

Soon after the Prime Minister’s speech about ‘vocal for local’ initiative, to make India self-reliant, many Indians have started to show effects under this.

People are understanding the need for relying on Indian made products, over the foreign competitors. Due to multiple reasons which we will talk about further in this article, thousands and thousands of people in India have uninstalled the TikTok app.

Allegedly, there has been a substitute app flowing in the PlayStore since some time now. Run by the app name ‘Mitron’, it is a TikTok clone app and if you haven’t already noticed, it sounds authentically Indian.

However, Mitron is not really a ‘Made in India’ product and the ones downloading it are highly vulnerable to be hacked without requiring interaction or their passwords.

Contents

What You Need to Know Before ‘Mitron’?

One of the highest used applications in India than anywhere, TikTok is a highly popular video social platform, where people upload short videos of themselves lip-syncing, dancing and other entertainment driven content.

However, due to repetitive security breach and adversity in data security, people started looking for alternatives in the market.

Besides, PM Modi’s latest ‘vocal for local’ initiative to boost the Indian products has indirectly asked the countrymen to boycott all the Chinese services and products.

Trending hashtags like #tiktokban and #IndiansAgainstTikTok due to the recent TikTok vs Youtube battle and CarryMinati’s  roast video also rapidly increased the popularity of Mitron.

What is Mitron App?

Mitron is an alternative for TikTok. It is a video social platform, which caught eye when people went crazy and crossed over 5 million downloads, with 250,000 5-star ratings in just 48 days after being released on the Google Play Store.

Obviously, with a reason to start relying on Indian made products, plus the biggest conundrum caused here by the name of the app, ‘Mitron’, people automatically assumed that this is an Indian app.

However, Mitron is not really a ‘Made in India’ product. Not just this, the viral app contains a highly critical, unpatched vulnerability which could hack the user’s account very easily.

Mitron Account Users can Be Hacked in Seconds

It has recently been found out that the Mitron app contains a critical and easy-to-exploit software vulnerability, which could result in literally anyone with even a basic idea of hacking, bypass the account authorization for any Mitron user within seconds.

This security issue is discovered by the Indian vulnerability researcher Rahul Kankrale. According to Kankrale, the style in which the app implements ‘Login with Google’ feature and asks for users’ permission to access their profile information via Google account while signing up but, ironically, doesn’t use it or create any secret tokens for authentication, gave away the hidden enigma of hacking.

To simplify it, one can log into any targeted Mitron user profile just by knowing his or her unique user ID, which can easily be in the page source as public information. So, without even entering any password, an account can be hacked.

Where is Mitron From?

While reviewing the app’s code for vulnerabilities, Kankrale found out that Mitron is actually a re-packaged version of the TicTic app, created by a Pakistani software development company Qboxus.

This company sells it as a ready to launch clone for TikTok, musical.ly or Dubsmash like services.

When asked about it to Irfan Sheikh, CEO of Qboxus, he said that they sell the source code to various buyers, who customize it according to their need.

He has a problem with people referring to it as an Indian-made app, which is not true, especially because the developers of Mitron app haven’t made any changes to the Pakistani-code for the app.

The code for the app has been developed by a Pakistani company, while the real identity of the person behind the app has still not been confirmed.

Comments are closed, but trackbacks and pingbacks are open.

who's online