Israeli cybersecurity company found serious vulnerabilities in TikTok
What you need to know
- An Israeli cybersecurity firm found serious vulnerabilities in popular video app tikTok.
- They would have allowed hackers to manipulate user data and reveal personal information.
- TikTok was notified about the problems on November 20 last year and fixed them in December.
An Israeli cybersecurity firm found serious vulnerabilities in popular video app TikTok, that unchecked, could have allowed hackers to manipulate user data, expose personal information and send users malicious links.
According to a report from The New York Times:
Check Point's head of product vulnerability research said:
According to the report, Check Point notified TikTok on November 20, and all the vulnerabilities were fixed by December 15. As is standard practice in these scenarios, cybersecurity firms and finders of bugs, exploits, and vulnerabilities usually remain silent until the developer has a chance to address the issues, to prevent knowledge of any such problems becoming widespread.
TikTok is already in the crosshairs of US lawmakers, in particular, because of concerns over its ties to China. The apparent discovery of massive, exploitable security flaws will probably not do wonders for its image. In a statement, TikTok head of security Luke Deshotels said:
Mr. Deshotels further noted that there was no indication any customer records had been breached.
The report notes that younger, startup apps enjoying explosive growth often find themselves more vulnerable to security exploits. Another cybersecurity expert stated:
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
According to the report, one of the vulnerabilities reportedly allowed attackers to use a link in TikTok's messaging system, to send users messages that looked like they came from TikTok. They could send malware that would let them take control of accounts to upload content, delete videos and make private videos public. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.
As mentioned, Check Point has seemingly confirmed that all reported vulnerabilities have now been fixed by TikTok.