Many TikTok users have flocked to the Chinese social media app RedNote. Are the risks worth it?

News Article: https://www.forbes.com/sites/danidiplacido/2025/01/13/why-tiktok-users-are-turning-to-rednote-amid-the-ban-protest/
mitmrouter: https://github.com/nmatt0/mitmrouter
certmitm: https://github.com/aapooksman/certmitm

Need IoT pentesting or reverse engineering services? Please consider Brown Fine Security: https://brownfinesecurity.com/

IoT Hackers Hangout Community Discord Invite: https://discord.gg/GjVxUnrQKC

🛠️ Stuff I Use 🛠️

🪛 Tools:
Raspberry PI Pico: https://amzn.to/3XVMS3K
XGecu Universal Programmer: https://amzn.to/4dIhNWy
Multimeter: https://amzn.to/4b9cUUG
Power Supply: https://amzn.to/3QBNSpb
Oscilloscope: https://amzn.to/3UzoAZM
Logic Analyzer: https://amzn.to/4a9IfFu
USB UART Adapter: https://amzn.to/4h4G7DD
iFixit Toolkit: https://amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: https://amzn.to/4dygJEv
Microsoldering Pencil: https://amzn.to/4dxPHwY
Microsoldering Tips: https://amzn.to/3QyKhrT
Rework Station: https://amzn.to/3JOPV5x
Air Extraction: https://amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: https://amzn.to/4abMMao
Microscope 0.7X Lens: https://amzn.to/3wrV1S8
Microscope LED Ring Light: https://amzn.to/4btqiTm
Microscope Camera: https://amzn.to/3QXSXsb

About Me: My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
website: https://brownfinesecurity.com/
twitter: https://twitter.com/nmatt0
linkedin: https://www.linkedin.com/in/mattbrwn/
github: https://github.com/nmatt0/

#hacking #iot #cybersecurity
This researcher found multiple vulnerabilities in RedNote within a few hours. And no, other social platforms (e.g., Facebook, YouTube, Twitter, Instagram) don’t do this (if you can show they do, there’s a massive big bounty payout waiting for you). m.youtube.com/watch?v=-MZV...
Nice technical review of the Red Note application. youtu.be/-MZV6T6ag0c?... tl;dr Sends the same data back to the app servers as most social media apps but it is sending a lot of data in clear text (HTTP). #rednote #xiaohongshu
OKAY: it is in fact WORSE than tiktok encryption, a lot of your data including your location is just plain text or otherwise VERY easily accessible. If you have a beacon in your pocket you're gonna be trackable. Here's what the cyber security guys are sharing rn: www.youtube.com/watch?v=-MZV...
Chinese RedNote App Exposes Sensitive User Data youtu.be/-MZV6T6ag0c?...
Who didn't see this coming?
So like, I keep seeing RedNote being pushed hard to people all over Facebook in multiple ads, but I saw this video that indicates it is extremely insecure. How do we get people to listen, and why is it being pushed so hard to people as a TikTok alternative rather than Bluesky? #cybersecurity
People who are using RedBook are having their sensitive user data exposed. This is not likely you, fellow BlueSky user. But I’m sure you know some people who were devastated that TikTok was banned, even for a short while, and who are impulsive enough to sign up for RedBook. youtu.be/-MZV6T6ag0c
A quick Wireshark analysis of Red Note internet traffic www.youtube.com/watch?v=-MZV... suggests you are broadcasting your info to anyone listening, unencrypted. At least American social media companies put the barrier of paying them in front for your details.
A little technical so the TLDR is Avoid RedNote! It is trivial to compromise.