The Hackers News has shared the video in its report and told about this flaw. It has also shown how it can be done easily. Girish Kumar, who works with cyber security firm Encode, told The Hackers News that Spark uses random generated user IDs to get information about the user’s profile. Kumar has shared a video that shows how a hacker replaces the user’s ID in the HTTP request, so that he can access his account.
(Also read- the battery of this Motorola phone will run for 40 hours once charged, the price is less than 15 thousand rupees!)
Further told that once you have access, the hacker can change all the information of the account, as well as upload the videos.
In addition, Spark also has a feature that allows users to turn off video sharing and comment sections, and can also be bypassed by changing the HTTP response code, allowing sharing and commenting on restricted videos. is.
Kumar gave this information to Spark, after which the company has released a security patch. The company said in its statement, ‘There is a flaw in the security of the spark (V 2.4.0 and below). The team has been notified about this flaw. We have released new updates from both Android Play Store and iOS App Store. This kind of problem can come in the app version 2.4.0 and earlier. ‘
(Also read- Beware! These 11 apps are dangerous for your phone, Google removed, advise you to delete them immediately)
It was further said that it may happen that the old version should stop working, because it has been discontinued due to faults. The rest confirmed that there has been no threat to information such as user data and email. Version 2.4.1 for Android and 2.2.6 for iOS have been introduced with security fixes, so we recommend that you update your Spark app.