press enter to search

Security flaws found in TikTok could have given hackers access to users' videos

News Desk

The Jakarta Post

Jakarta  /  Thu, January 9, 2020  /  05:19 pm
Security flaws found in TikTok could have given hackers access to users' videos

TikTok app (Shutterstock/Denys Prykhodov)

TikTok, an app downloaded by over 1 billion people worldwide, was apparently at risk of a security breach last November. 

Although all vulnerabilities were reportedly resolved by Dec. 15, 2019, the breach could have allowed hackers to manipulate the contents on user accounts and extract personal information, revealed cyber threat intelligence company Check Point Research on Thursday. 

Research done by Check Point also found that attackers could have messaged users a malicious link that when clicked would enable attackers to take control of their account, including uploading unauthorized videos, or publicizing private or “hidden” videos.

Another flaw found in TikTok's subdomain could have let attackers retrieve personal user information including email addresses and birthdates. 

Read also: Time is running out for Facebook as TikTok takes over in Vietnam

Check Point’s head of product vulnerability research, Oded Vanunu, said that most users still were not aware of privacy breach risks in popular apps. 

“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate,” he stated. “Most users are under the assumption that they are protected by the app they are using.” 

TikTok, known as Douyin in China and developed by Beijing-based startup Bytedance, allows users to create short, creative videos and share them on various apps but its popularity and roots in China have reportedly created suspicions about Chinese technology. 

The Wall Street Journal reported earlier this year that the United States Air Force and Coast Guard have banned personnel from using the app on government-issued devices. 

Despite disclosing these solved vulnerabilities, TikTok’s head of security, Luke Deshotels, said that TikTok ensured data protection. 

“Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,” he stated. 

“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.” (vel/kes)

Your premium period will expire in 0 day(s)

close x
Subscribe to get unlimited access Get 50% off now