It was the most popular app of 2019 and will certainly be again in 2020; it has over 1 billion subscribers and is the only one currently able to scare the Facebook group. But it is far from perfect: Check Point Research researchers have found four serious vulnerabilities in the TikTok app and some problems on the official website.
ByteDance, the Chinese company that develops TikTok, has received Check Point's reports and plugged the flaws in the app by releasing an update, and has also fixed the problems on the site. Anyone who uses TikTok would therefore do well to update the app immediately, because otherwise the risks they run are quite high: before the update, TikTok could be attacked by hackers with a simple spoofed SMS, which took the user to a malicious website that mimicked the TikTok home page.
The four vulnerabilities of TikTok
According to Alon Boxiner, Eran Vaknin, Alexey Volodin, Dikla Barda and Roman Zaikin, the five researchers who found the four serious bugs in the TikTok app, it is possible, with a few not-so-complicated maneuvers, to take over a TikTok account, delete videos and upload others without the user's permission, make private and hidden videos public, and disclose account-related personal information such as private email addresses.
TikTok: beware of SMS
To compromise a TikTok account, it was enough to send an SMS to the victim, inviting them to download the app and watch a video. This feature is one of the methods chosen by ByteDance to invite new users to the service, and there is a dedicated field on the official TikTok site for sending videos via SMS. Those who receive such an SMS, therefore, usually do not get alarmed. However, Check Point found that it was possible to forge SMS messages to make them look like they came from TikTok. Once the user clicked on the fake link, a hacker would be able to access parts of the TikTok account. Check Point also found that TikTok's infrastructure allowed a hacker to redirect the already attacked user to a malicious website that looked like TikTok's homepage.
TikTok's answer
Check Point discovered the four serious security holes in TikTok in November 2019, but kept them secret until the company managed to patch its app and website. "TikTok is committed to protecting user data," the company explains in a note. "Like many organizations, we encourage security researchers to privately disclose zero day vulnerabilities to us. Prior to public disclosure, Check Point agreed that all reported issues have been corrected in the latest version of our app. We hope that this successful affair will encourage future collaboration with cybersecurity researchers."
TikTok security breach: why you have to update the app right away