A major security flaw was found in TikTok. TikTok is a popular video-sharing platform with over 1 billion users. Every day thousands of videos are uploaded to it, and it is especially popular among youngsters.
Not only that, TikTok is also one of the most downloaded apps as of January 2020.
Recently, Check Point, a cybersecurity firm in Israel, found that the app had serious vulnerabilities. According to the researchers, the flaw could have allowed hackers to access and change user content and personal information.
Additionally, the app would have allowed the hacker to redirect the victim to a website that looks exactly like TikTok.
For more technical details, visit "Tik or Tok? Is TikTok secure enough?"
TikTok's action on the flaw
Dr. Luke Deshotels, a security engineer at TikTok, said the company is committed to protecting user data.
“Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,” said Deshotels. “Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
Fortunately, the issue has been fixed by TikTok.
TECHNICAL DETAILS
1- SMS LINK SPOOFING
Researchers found that it is possible to send a message to any phone number on behalf of TikTok. The flaw lies in a feature that lets users send an SMS message to themselves in order to download the application. Attackers that wish to send an SMS message to a victim can capture the HTTP request using a proxy tool (such as Burp Suite).
2- CHANGE A PRIVATE VIDEO TO A PUBLIC VIDEO
In order to change a video from private mode to public mode, the attacker has to retrieve the video ID. Once the attacker has the video ID of a private video, he/she can change the video privacy settings by sending an HTTP GET request on behalf of the user.
You can read more at the link I have provided above.
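A defender's view of flaw 2, as an added example that is not from Check Point's report or TikTok's code: a privacy-change handler that refuses GET, requires a CSRF token bound to the session, and checks that the caller owns the video. The function names, data layout and status codes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (hypothetical schema): video id -> owner and privacy flag.
VIDEOS = {"v1001": {"owner": "alice", "private": True}}
SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret


def csrf_token(session_id: str) -> str:
    """Token derived from the session id; a third-party page cannot compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def set_video_privacy(method, session, video_id, private, token=None):
    """Return (status, message) for a request to change a video's privacy."""
    # 1. State changes never ride on GET: links, images and redirects all
    #    issue GETs with the victim's cookies attached.
    if method != "POST":
        return 405, "state-changing request must use POST"
    # 2. The request must come from an authenticated session.
    if not session or "user" not in session:
        return 401, "login required"
    # 3. The token must match this session (constant-time comparison).
    expected = csrf_token(session["id"]).encode()
    if not token or not hmac.compare_digest(expected, str(token).encode()):
        return 403, "missing or invalid CSRF token"
    # 4. Knowing a video id is not authorization: the caller must own it.
    #    Unknown and foreign ids get the same answer so ids cannot be probed.
    video = VIDEOS.get(video_id)
    if video is None or video["owner"] != session["user"]:
        return 404, "video not found"
    video["private"] = bool(private)
    return 200, "updated"
```
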
CONSEQUENCES
- The US and Indian militaries told their personnel not to use the Chinese-owned app on government-issued phones.
- The US Army banned the TikTok app.
- The Federal Trade Commission filed a complaint against TikTok, saying it illegally collected personal information from minors.