The Mitron app, which launched as an alternative to TikTok and gained considerable popularity in a short time, is reported to have a vulnerability that could allow an attacker to access user accounts and send messages on behalf of a specific user. The vulnerability does not let bad actors steal personal information, such as the e-mail ID a user logs in to Mitron with. However, it can be used to access the affected user's profile. The Mitron app is so far available only on Android and has over 50 lakh downloads on Google Play.
Security researcher Rahul Kankrale told Gadgets 360 that an attacker exploiting the vulnerability in the Mitron app could send messages to other users, follow people and comment on the victim's behalf. He said the problem lies in the application's login process, which lets bad actors intercept the victim's unique username; that value can then be used to log in to the victim's account without any password or further checks.
Kankrale also said that the developer of the Mitron app did not use the SSL protocol to protect the authentication. Although the application lets users log in with their existing Google accounts, the app processes the login with the unique user ID rather than with the Google account provided.
He has also created a video demonstrating the vulnerability, which has yet to be fixed. The Hacker News was the first to report the vulnerability.
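The login flaw described above, shown beside a corrected handler, as an added example that is not Mitron's code. The function names, the `user_id` and `id_token` request fields, the account table and the HMAC-signed token (a stand-in for verifying a real Google ID token, which is an RS256 JWT checked against Google's public keys) are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-in for the identity provider's signing key. A real Google
# ID token is an RS256 JWT verified against Google's published public keys.
IDP_KEY = b"constructed-demo-key"
USERS = {"1001": "alice", "1002": "bob"}  # constructed account table

def issue_token(user_id, ttl=300, key=IDP_KEY, now=None):
    """Stand-in for the identity provider: sign {sub, exp} for one user."""
    now = time.time() if now is None else now
    body = base64.urlsafe_b64encode(
        json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def login_vulnerable(request):
    """Pattern described in the article: the user ID alone selects the account."""
    return USERS.get(request.get("user_id"))

def login_hardened(request, now=None):
    """Derive the account only from a token the server has verified."""
    now = time.time() if now is None else now
    try:
        body, sig = request.get("id_token", "").encode().split(b".")
        expected = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(sig, expected):
            return None  # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None  # malformed or missing token
    if claims.get("exp", 0) < now:
        return None  # expired token
    # Any client-supplied user_id is ignored; only the signed subject counts.
    return USERS.get(claims.get("sub"))
```

The verified token must still travel over TLS; sent in cleartext it can be intercepted and replayed until it expires, just like the bare user ID.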
The Mitron app came to prominence as a made-in-India answer to TikTok. It was reported to have been developed by a student of IIT Roorkee. However, it was announced on Friday that the app was not developed in India but by a Pakistani software firm, Qboxus.