TikTok is one of the most famous downloaded apps, and its users are mostly teenagers. Multiple security flaws discovered in the TikTok app exposed its 1 billion users. TikTok has definitely cracked the code to the term “popularity” across the globe. As of October 2019, TikTok is one of the world’s most downloaded apps.
Check Point Research teams discovered multiple vulnerabilities within the TikTok application. The vulnerabilities described in this research allow attackers to do the following:
Viral app TikTok has been forced to fix serious security flaws which could have allowed hackers to take control of users’ accounts and access sensitive information.
The app now has more than a billion users around the world – despite being banned in China, where its parent company ByteDance is based.
Cyber security experts at Check Point Research discovered two glaring security holes which allowed criminals access to private addresses, emails and dates of birth.
Hackers could also upload unauthorized videos, delete users’ videos and switch videos from ‘private’ to ‘public’.
Check Point made TikTok aware of the weaknesses and the vulnerabilities were fixed in the latest app update.
Users are now being encouraged to update their app to ensure they are fully protected.
The weaknesses were found in TikTok’s back-end and would only be accessible to hackers and not regular users.
To gain access to accounts, Check Point exploited TikTok’s SMS messaging system, which is used during initial sign-up and when downloading the app.
An attacker could manipulate this system and send a spoofed text message to a user containing a malicious link.
If the TikTok user clicked on the link, it would grant the hacker access to their account.
From here they can manipulate all aspects of the content, including deleting videos, uploading unauthorized videos, and making private or ‘hidden’ videos public.
A separate vulnerability was found in TikTok’s advertisement site, which was vulnerable to specific hacks known as XSS (cross-site scripting) attacks.
These involve inserting malicious pieces of code into otherwise safe sites.
Through this method, Check Point was able to retrieve personal information such as private email addresses and dates of birth.
‘Data is pervasive, and our latest research shows that the most popular apps are still at risk,’ said Oded Vanunu, Check Point’s head of product vulnerability research.
‘Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface.
‘Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications – yet most users are under the assumption that they are protected by the app they are using.’
Dr Luke Deshotels, from TikTok’s security team, said: ‘TikTok is committed to protecting user data.
‘Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us.
‘Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.’