TikTok is the victim of a major security breach. The hackers could use it to modify the content of the videos published on the platform. In addition, hackers could also access the personal data of users of the social network.
Cybersecurity researchers at CheckPoint Research announce they have discovered “several vulnerabilities” on TikTok. According to these experts, these flaws allow hackers to send SMS messages containing malware to users of the social network. Hackers could easily “fake” their appearance, to make victims believe that these messages come from TikTok.
By clicking on one of these compromised links, the hacker could take control of their target’s account. In fact, he could access downloaded videos and private videos, or publish new ones. In addition, CheckPoint claims that another flaw would allow it to seize the user’s personal information stored on TikTok’s servers. Making it an ideal breeding ground for launching phishing operations.
TikTok vulnerability could have let hackers access users’ videos
“All of the vulnerabilities we found were all at the heart of TikTok’s systems,” said Oded Vanunu, head of product vulnerability research for CheckPoint. The company specializing in computer security informed TikTok of its discoveries on November 15, 2019. The social network claims to have fixed all of these flaws on December 5, 2019.
TikTok is close to 1.5 billion global users in just two and a half years since launching outside of China. It is a target for hackers because of the amount of data and potentially private information that includes. Since apps like TikTok can be used across multiple platforms, it’s easier for a malicious actor to escalate their activity quickly.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to reveal vulnerabilities to us in private. Before revealing this story to the public, we had agreed with CheckPoint to patch all the problems reported on the latest version of our application. We hope this successful resolution will encourage future collaborations with security researchers, ”said Luke Deshotels, a member of the TikTok IT security team in a letter to The Verge website.
These security concerns arise shortly after the United States Navy’s decision to ban TikTok from its employees’ smartphones. According to the official statement of the American General Staff, the social network represents a threat to the national security, from where the decision to prohibit the sailors and employees of this army corps to use the Chinese social network.