TikTok fixes vulnerabilities allowing attackers to take control of user videos

Embargoed to 0001 Friday December 27 A young girl uses the TikTok app on a smartphone. The Information Commissioner has said
Embargoed to 0001 Friday December 27 A young girl uses the TikTok app on a smartphone. The Information Commissioner has said protecting children's privacy will be top priority for the UK's data regulator in 2020 amid increased concern about platforms such as TikTok.

Vulnerabilities in TikTok which could allow hackers to manipulate content on user accounts have been fixed after they were revealed by security researchers.

Check Point alerted the app’s owners ByteDance of the issues in November and an update patching the flaws was deployed within a month.

Popular among young people, TikTok’s video sharing platform was among the most downloaded apps of 2019.

The weakness meant an attacker could send a fake text message to victims that appeared as though it was from TikTok.

Clicking a malicious link contained in the message would grant bad actors access to the user’s account, allowing them to delete or upload videos, as well as make private or hidden videos public, Check Point said.

It also claimed hackers could extract confidential personal information saved on these accounts, such as users’ full names, email addresses and birthdays – though TikTok says it does not believe that any real names could have been accessed.

Luke Deshotels, from TikTok’s security team, said: “TikTok is committed to protecting user data.

“Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us.

“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app.

“We hope that this successful resolution will encourage future collaboration with security researchers.”

TikTok says a review of customer support records has not shown any patterns that would indicate an attack or breach occurred.

“Data is pervasive, and our latest research shows that the most popular apps are still at risk,” explained Oded Vanunu, Check Point’s head of product vulnerability research.

“Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface.

“Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications – yet most users are under the assumption that they are protected by the app they are using.”


Please enter your comment!
Please enter your name here