Australia just announced that it would join other Western countries in banning TikTok on official devices!
Australia To Ban TikTok On Official Devices!
On 4 April 2023, Attorney-General Mark Dreyfus announced that Australia will ban TikTok on official devices “as soon as practicable”.
Dreyfus said that the decision was taken “after receiving advice from intelligence and security agencies”.
The direction will come into effect as soon as practicable. Exemptions will only be granted on a case-by-case basis and with appropriate security mitigations in place.
Australia also made changes to its Protective Security Policy Framework (PSPF), noting that TikTok poses a security threat due to its data collection practices.
The TikTok application poses significant security and privacy risks to non-corporate Commonwealth entities arising from an extensive collection of user data and exposure to extrajudicial directions from a foreign government that conflicts with Australian law.
The Australian government, however, said that it will allow the use of TikTok for “a legitimate business reason”, and on a separate “standalone device”. This move came after a security review of social media apps, including TikTok, was submitted to the Australian government last month.
Before this announcement, over half of all Australian federal government agencies had already banned TikTok on official devices. With this decision, the ban is applied consistently across the Australian government and brings Australia in line with New Zealand, and other Five Eyes member countries like the United States, the United Kingdom, and Canada, in banning TikTok on official devices. Norway, the European Parliament and NATO also banned TikTok on official devices.
One of China’s most popular apps, Pinduoduo, apparently contains malware that monitors user activities and is difficult to remove!
Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!
Pinduoduo: What Is It?
Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.
Since then, Pinduoduo has become one of China’s most popular online shopping platforms, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.
Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listings and shutting down 1,128 stores.
In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.
The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.
Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.
Alert First Raised By Chinese Cybersecurity Company
I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.
Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.
Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that was designed to exploit vulnerabilities in the Android operating system used by many smartphones.
The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.
Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:
We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.
Dedicated Hacking Team To Look For Vulnerabilities
Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.
To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.
By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.
Pinduoduo App Gained More Access Than Allowed
Three cybersecurity companies (WithSecure, Check Point Research, and Oversecured) conducted independent analyses of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation”, a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data than it’s supposed to have.
Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.
The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistics for monthly active users.
Pinduoduo App Has Access To User Data Without Consent
Delaware-based app security start-up Oversecured found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without the users’ consent.
The app was also able to change system settings, and access user social media accounts and chats.
The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.
Pinduoduo App Able To Secretly Receive Updates
Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.
Pinduoduo App Programmers Attempted To Obscure Malicious Code
Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding it under legitimate file names, such as Google’s.
Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.
Pinduoduo Targeted Android Devices
According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.
He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.
I’ve never seen anything like this before. It’s like, super expansive.
After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.
The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.
Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers, however, remains at Pinduoduo.
In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.