Major drawbacks have been detected in the Chingari App.
Girish Kumar of cyber security firm Encode told that the hacker can easily access the spark user’s account, and after that he can change all the information, as well as upload videos.
The Hackers News has shared this video by sharing the video in its report. It has also shown how it can be done easily. Girish Kumar, who works with cyber security firm Encode, told The Hackers News that Spark uses random generated user IDs to get information about the user’s profile. Kumar has shared a video showing how the hacker replaces the user’s ID in the HTTP request, so that he can access his account.
(Also read- The battery of this Motorola phone will run for 40 hours once charged, the price is less than 15 thousand rupees!)
Further explained that once the access is done, the hacker can change all the account information, as well as upload videos. Apart from this, Spark also has a feature that allows users to close the video sharing and comment section, and And this can also be bypassed by changing the HTTP response code, which allows sharing and commenting on restricted videos.
Kumar gave this information to Spark, after which the company has released a security patch. The company said in its statement, ‘There is a flaw in the security of the spark (V 2.4.0 and below). The team has been notified about this flaw. We have released new updates from both Android Play Store and iOS App Store. Such a problem may come in the app version 2.4.0 and earlier. ‘
(Also read- Beware! These 11 apps are dangerous for your phone, Google removed, advise you to delete them immediately)
It was further said that it may happen that the old version should stop working, because it has been discontinued due to faults. The rest confirmed that there has been no threat to information such as user data and email. Version 2.4.1 for Android and 2.2.6 for iOS have been introduced with security fixes, so we recommend that you update your Spark app.