Why it matters: If you're one of the over 1.5 billion users of TikTok,
you may want to update your app as soon as possible. According to Check
Point security researchers, some versions of the app are vulnerable to
several kinds of attacks that could compromise personal information
stored on your phone.
TikTok is currently used by more than 700 million users every month,
which makes it an attractive target for hackers fishing for your
personal data. And since a big chunk of its audience is comprised of
teenagers, they run an even higher risk of this turning into a privacy
According to Check Point Research, the popular lip-syncing video sharing
app has multiple vulnerabilities that make it relatively easy for
attackers to take complete control of your account, upload or remove
videos, and expose private information or videos that you may have set
The vulnerabilities were discovered in November, and affect both Android
and iOS versions of TikTok except for the latest version of the app
that has been patched.
For example, the researchers noticed the platform allows users to
receive a link to download the app via an SMS message which can be
requested through the official website. But this mechanism is far from
perfect, as researchers quickly found a way to manipulate the text and
download link in the messages to send special commands to the app if
it's already installed on your phone. Furthermore, they could use this
hole to send a message to any phone number, not just those that were
used to register TikTok accounts.
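An added example, not from the article or from TikTok: a server-side handler for the "text me a download link" feature described above that keeps the message text fixed, accepts only an exactly allowlisted https link, and caps messages per destination number. The host names, template, limits and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; the page does not give the real ones.
ALLOWED_LINK_HOSTS = {"downloads.example.com"}
DEFAULT_LINK = "https://downloads.example.com/get"
SMS_TEMPLATE = "Download the app: {link}"  # message text is fixed on the server
MAX_SMS_PER_NUMBER = 2                     # allowed sends per WINDOW_SECONDS
WINDOW_SECONDS = 3600

_sent = {}  # destination phone number -> list of send timestamps


def is_allowed_link(url):
    """True only for https URLs whose host is exactly on the allowlist."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False  # rejects custom app schemes and plain http
    if parts.username is not None or parts.password is not None:
        return False  # rejects https://allowed-host@other-host/
    return parts.hostname in ALLOWED_LINK_HOSTS  # exact match, no suffix test


def build_invite_sms(phone, requested_link, now):
    """Return the SMS body, or raise ValueError if the request is refused."""
    link = requested_link or DEFAULT_LINK
    if not is_allowed_link(link):
        raise ValueError("download link not on allowlist")
    recent = [t for t in _sent.get(phone, []) if now - t < WINDOW_SECONDS]
    if len(recent) >= MAX_SMS_PER_NUMBER:
        raise ValueError("rate limit reached for this number")
    _sent[phone] = recent + [now]
    return SMS_TEMPLATE.format(link=link)
```

Refused requests raise rather than silently falling back to the default link, so they can be logged and reviewed.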
From there, an attacker can exploit bugs in the browser redirect setup
to control your account and do things like following other accounts,
getting personal information like email, and making private videos
attacker can even create videos and post them from the third party's
TikTok isn't the only social platform where SMS has been found to be a
security culprit. Last year, Twitter had to disable its tweet-via-SMS
feature after CEO Jack Dorsey's account was hijacked through a
vulnerability in that cloud-based mechanism.
TikTok owner ByteDance remains under regulatory scrutiny over its
alleged ties with China. The app has been banned by the US military and
is currently the subject of a national security review, which is why
ByteDance is scrambling to move its operations outside of China while
keeping silent on everything related to what happens in that region.
Still, Check Point says TikTok was quick to respond when they were
notified about the findings, and managed to fix the newly discovered
vulnerabilities by the end of December.