TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Security flaws found in TikTok could have given hackers access to users' videos
Research done by Check Point also found that attackers could have messaged users a malicious link that when clicked would enable attackers to take control of their account, including uploading unauthorized videos, or publicizing private or “hidden” videos.
Change Size
TikTok app (Shutterstock/Denys Prykhodov)
TikTok, an app downloaded by over 1 billion people worldwide, was apparently at risk of a security breach last November.
Although all vulnerabilities were reportedly resolved by Dec. 15, 2019, the breach could have allowed hackers to manipulate the contents on user accounts and extract personal information, revealed cyber threat intelligence company Check Point Research on Thursday.
Research done by Check Point also found that attackers could have messaged users a malicious link that when clicked would enable attackers to take control of their account, including uploading unauthorized videos, or publicizing private or “hidden” videos.
Another flaw found in TikTok's subdomain could have let attackers retrieve personal user information including email addresses and birthdates.
Read also: Time is running out for Facebook as TikTok takes over in Vietnam
Check Point’s head of product vulnerability research, Oded Vanunu, said that most users still were not aware of privacy breach risks in popular apps.
“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate,” he stated. “Most users are under the assumption that they are protected by the app they are using.”
TikTok, known as Douyin in China and developed by Beijing-based startup Bytedance, allows users to create short, creative videos and share them on various apps but its popularity and roots in China have reportedly created suspicions about Chinese technology.
The Wall Street Journal reported earlier this year that the United States Air Force and Coast Guard have banned personnel from using the app on government-issued devices.
Despite disclosing these solved vulnerabilities, TikTok’s head of security, Luke Deshotels, said that TikTok ensured data protection.
“Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,” he stated.
“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.” (vel/kes)
