What you need to know
- An Israeli cybersecurity firm found serious vulnerabilities in popular video app TikTok.
- They would have allowed hackers to manipulate user data and reveal personal information.
- TikTok was notified about the problems on November 20 last year and fixed them in December.
An Israeli cybersecurity firm found serious vulnerabilities in popular video app TikTok that, left unchecked, could have allowed hackers to manipulate user data, expose personal information and send users malicious links.
According to a report from The New York Times:
TikTok, the smartphone app beloved by teenagers and used by hundreds of millions of people around the world, had serious vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information, according to research published Wednesday by Check Point, a cybersecurity company in Israel.
The weaknesses would have allowed attackers to send TikTok users messages that carried malicious links. Once users clicked on the links, attackers would have been able to take control of their accounts, including uploading videos or gaining access to private videos. A separate flaw allowed Check Point researchers to retrieve personal information from TikTok user accounts through the company's website.
Check Point's head of product vulnerability research said:
"The vulnerabilities we found were all core to TikTok's systems."
According to the report, Check Point notified TikTok on November 20, and all the vulnerabilities were fixed by December 15. As is standard practice in these scenarios, cybersecurity firms and others who find bugs, exploits, and vulnerabilities usually remain silent until the developer has had a chance to address the issues, to prevent knowledge of any such problems from becoming widespread.
TikTok is already in the crosshairs of US lawmakers, in particular because of concerns over its ties to China. The apparent discovery of massive, exploitable security flaws will probably not do wonders for its image. In a statement, TikTok head of security Luke Deshotels said:
"TikTok is committed to protecting user data... Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us... Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
Mr. Deshotels further noted that there was no indication any customer records had been breached.
The report notes that younger, startup apps enjoying explosive growth often find themselves more vulnerable to security exploits. Another cybersecurity expert stated:
"I would expect these types of vulnerabilities in a company like TikTok, which is probably more focused on tremendous growth, and on building new features for their users, rather than security."
According to the report, one of the vulnerabilities allowed attackers to use a link in TikTok's messaging system to send users messages that looked like they came from TikTok. They could send malware that would let them take control of accounts to upload content, delete videos and make private videos public. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites, and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.
As mentioned, Check Point has seemingly confirmed that all reported vulnerabilities have now been fixed by TikTok.