TikTok is one of the most popular apps across the world and it’s quite a rage in India as well. However, a cybersecurity research firm has issued a warning for all those who are on TikTok. Check Point Research says it has discovered quite a few vulnerabilities in TikTok that could allow accounts to be hacked and users’ personal information to be compromised.
As per Check Point’s research, an attacker can send a user an SMS that contains a malicious link. If the user clicks on the link, the attacker can get hold of their TikTok account and take control of the content they share. This means an attacker could delete videos, upload unauthorised videos or make private videos public.
It was further revealed that TikTok has a subdomain which is vulnerable to such attacks. Check Point researchers leveraged this vulnerability to retrieve personal information saved on user accounts including private email addresses and birthdates.
Check Point Research informed TikTok developers of the vulnerabilities exposed in this research and a fix was responsibly deployed to ensure its users can safely continue using the TikTok app.
“Data is pervasive but data breaches are becoming an epidemic, and our latest research shows that the most popular apps are still at risk,” said Oded Vanunu, Check Point’s Head of Product Vulnerability Research. “Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using.”
Luke Deshotels, PhD, TikTok Security Team, said, “TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”