#SysadminLife 

Learning how to DNS-block TikTok on the corporate network. Then segmenting the network more to isolate Wi-Fi devices from the rest of the LAN.

(For those who missed it: a security researcher has reverse-engineered the TikTok app on Android and found that TikTok scans the LAN for devices and reports back to HQ; moreover, the app has the ability to download a payload from HQ and execute it.)

@futzle do you have a source/link? My Google Fu is failing me...

@xpac boredpanda.com/tik-tok-reverse

I’d like to see someone else corroborate his findings but I don’t think it has happened yet.

@futzle and that’s on top of the IMEI/IMSI harvesting, clipboard stealing, and scanning of installed apps/config.
I would really like to block its access on my housemates’ devices to the rest of my network but I can’t segment the wifi completely because I use my devices on it that still need access. Maybe I can put my devices on a different subnet with full access using DHCP MAC allocations and leave the default allocation pool on a restricted subnet. That would be perfect for my application. But I don’t know how to make that also work with native IPv6.

@s0 It's harder with IPv6 because Android devices don't support DHCPv6; they only do SLAAC. You would probably have to advertise multiple Wi-Fi networks and tie each to a subnet. This is what I do at home on v4 and v6.

@futzle in that case I’ll see if I can disable v6 for that network/subnet entirely. I’m the only one specifically wanting it. Come on Android, what year is it?!
