Flaws in TikTok, one of the leading apps of this generation, allowed hackers to take control of user accounts.
Do you have a TikTok account? Imagine an outsider handling your account. The flaw put Indian users at risk.
What is the TikTok app?
TikTok has over 1.3 billion installs worldwide and was one of the most downloaded apps of 2019. India is also one of the fastest-growing markets for TikTok, with 300 million users. TikTok is owned by the Chinese company ByteDance, one of the world’s most valuable tech start-ups.
The application allows users to create and share short music and lip-sync videos, dancing to songs or performing comedy sketches (skits). TikTok users can send messages within the app to other TikTok users or just to friends.
The security problems were discovered on November 20, 2019, and fixed by December 15.
How did the hackers gain entry into the TikTok app?
According to the Check Point Research team, hackers could have exploited the flaws through SMS link spoofing. An attacker could send a fake text message to the target. If the victim clicks the malicious link, believing it to be from TikTok, the attacker gains access to the user’s account.
“We found that it is possible to send a malicious link to a victim that will result in redirecting the victim to a malicious website. The redirection opens the possibility of accomplishing Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and Sensitive Data Exposure attacks without user consent,” they wrote.
What could the hackers do with an exploited TikTok account?
The vulnerabilities described in this research allow attackers to do the following:
- Get hold of TikTok accounts and manipulate them
- Delete videos
- Upload unauthorized videos
- Change settings by making private or hidden videos public
- Reveal confidential personal information saved on the account, such as email addresses, users’ full names and birthdays
“Before public disclosure, Check Point agreed that all reported issues were patched in the latest versions of our app. We hope that this successful resolution will encourage further collaboration with security researchers,” the company said in a statement.
“TikTok is committed to protecting user data. Like many organisations, we encourage responsible security researchers to privately disclose the zero-day vulnerability to us,” said Luke Deshotels of TikTok’s security team.
There has been a lot of controversy over the security of user data. Several branches of the United States military banned their service members from using the Chinese-owned app on government-issued smartphones. In California, a user charged the company, alleging that it shares user data with the Chinese government.
TikTok users must update their apps immediately, on both Apple’s iOS and the Google Play Store.