What you need to know
- An Israeli cybersecurity firm found serious vulnerabilities in popular video app tikTok.
- They would have allowed hackers to manipulate user data and reveal personal information.
- TikTok was notified about the problems on November 20 last year and fixed them in December.
An Israeli cybersecurity firm found serious vulnerabilities in popular video app TikTok, that unchecked, could have allowed hackers to manipulate user data, expose personal information and send users malicious links.
According to a report from The New York Times:
Check Point's head of product vulnerability research said:
According to the report, Check Point notified TikTok on November 20, and all the vulnerabilities were fixed by December 15. As is standard practice in these scenarios, cybersecurity firms and finders of bugs, exploits, and vulnerabilities usually remain silent until the developer has a chance to address the issues, to prevent knowledge of any such problems becoming widespread.
TikTok is already in the crosshairs of US lawmakers, in particular, because of concerns over its ties to China. The apparent discovery of massive, exploitable security flaws will probably not do wonders for its image. In a statement, TikTok head of security Luke Deshotels said:
Mr. Deshotels further noted that there was no indication any customer records had been breached.
The report notes that younger, startup apps enjoying explosive growth often find themselves more vulnerable to security exploits. Another cybersecurity expert stated:
According to the report, one of the vulnerabilities reportedly allowed attackers to use a link in TikTok's messaging system, to send users messages that looked like they came from TikTok. They could send malware that would let them take control of accounts to upload content, delete videos and make private videos public. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.
As mentioned, Check Point has seemingly confirmed that all reported vulnerabilities have now been fixed by TikTok.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the Android Central team.