Researchers have discovered serious TikTok security flaws that could allow hackers to extract personal data and manipulate content. However, the China-based company claims to have fixed the issue.
TikTok has grown over the last two years to become one of the most popular apps in the United States. According to data firm Sensor Tower, the social media app has over 1.5 billion downloads.
By the end of 2019, the app was already on its way to surpass social media apps like Facebook, YouTube, and Instagram in user downloads.
Of course, TikTok’s meteoric rise comes with a significant downside. Since the app has not been hardened by years of cyberattack and security research, it presents an opportunity for hackers.
Now a cybersecurity company in Israel, Check Point, has found one of such opportunities.
“The vulnerabilities we found were all core to TikTok’s systems,” Check Point’s head of product vulnerability research, Oded Vanunu, told the Times.
About The Major TikTok Security Flaws
According to Check Point’s report, one of the TikTok security flaws has allowed hackers to send users messages with malicious links.
Any user who clicks the links is giving the hackers control of their TikTok accounts. The perpetrators can then upload videos or even access the user’s private videos.
The researchers also reported a second security flaw. The other vulnerability could enable hackers to retrieve personal information from TikTok users’ accounts through the company’s website.
According to the Times, TikTok learned about the conclusion in Check Point’s research on November 20, 2019. The company said it had fixed the flaws by December 15, 2019.
Speaking to the Times about the issue, head of TikTok’s security team, Luke Deshotels, said:
“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
For a while now, TikTok’s parent company, ByteDance, has been under intense scrutiny from the U.S. government.
In November 2019, Reuters reported that the U.S. security panel had launched a national security review of the China-based company. About a month later, the U.S. Army and Navy banned TikTok, calling it a security threat.
As it turns out, the app did contain exploitable vulnerabilities. Despite TikTok’s claims that it has fixed the issue, the U.S. government’s reservation about the app is unlikely to go away any time soon.
Comments (0)
Least Recent