Multiple security flaws discovered in the TikTok app exposed its 1.5 billion users to hackers
The viral app TikTok has been forced to fix serious security flaws that could have allowed hackers to take control of user accounts and access sensitive information.
The app now has more than one billion users around the world – despite being banned in China, where the parent company ByteDance is located.
Cyber security experts at Check Point Research discovered two notable security vulnerabilities that allowed criminals access to private addresses, emails and dates of birth.
Hackers could also upload unauthorized videos, delete users’ videos and switch videos from ‘private’ to ‘public’.
Check Point has made TikTok aware of the weaknesses, and the vulnerabilities have been resolved in the latest app update.
Users are now encouraged to update their app to ensure that they are fully protected.
The video-sharing app exploded onto the scene in 2019, and its popularity was matched only by the number of scandals in which it became involved.
The weaknesses were found in TikTok’s back-end and would only be accessible to hackers and not to regular users.
To access accounts, Check Point used TikTok’s text messaging system, which is used during the initial login and when downloading the app.
An attacker could manipulate this system and send a fake text message to a user that contains a malicious link.
If the TikTok user clicked on the link, the hacker would gain access to their account.
From there they could manipulate all aspects of the content, including removing videos, uploading unauthorized videos and disclosing private or ‘hidden’ videos.
A separate vulnerability was found on TikTok’s advertising site, which was open to a class of attack known as cross-site scripting (XSS).
These attacks involve injecting malicious code into otherwise trusted sites.
With this method, Check Point was able to retrieve personal information, such as private e-mail addresses and birth dates.
“Data is ubiquitous and our latest research shows that the most popular apps are still at risk,” said Oded Vanunu, head of research into product vulnerability at Check Point.
“Social media applications are very focused on vulnerabilities because they offer a good source of personal, private data and a large attack area.
“Malicious actors spend a lot of money and time to invade these hugely popular applications – but most users assume that they are protected by the app they use.”
Dr. Luke Deshotels from the TikTok security team said: “TikTok strives to protect user data.
“Like many organizations, we encourage responsible security researchers to make us aware of zero-day vulnerabilities.
“Before it was made public, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful solution will encourage future collaboration with security researchers.”
Spying concerns similar to those surrounding technology company Huawei arose in the wake of TikTok’s rise to viral fame.
According to figures from Randy Nelson, an industry analyst at SensorTower, TikTok generated more than $87 million in revenue through in-app purchases in the fourth quarter of 2019.
After the App Store and Google Play each took their 30 percent share of revenue, the company had an estimated net revenue of $62 million.
But rising profits cannot disguise months of scandal.
Last week the US military banned soldiers from using TikTok because of concerns that the Chinese app might collect personal information from US users.
The army announced on Monday that the app was no longer allowed on government phones, as it is considered a cyber threat.
WHAT IS TIKTOK?
TikTok is a Chinese social media app where users can stream live, create short videos and music videos and GIFs with numerous functions.
The slogan of TikTok is “Let every second count.”
It was the most downloaded app in the US in 2018 and the world’s fourth most downloaded app in 2018, ahead of Instagram and Snapchat.
TikTok is known in China as Douyin, where it was launched in 2016 and then made more widely available worldwide in 2017.
Douyin is still the version of the app used in China and can be downloaded separately from TikTok.
Last year the app was merged with the popular music video lip-syncing app Musical.ly, which also has its headquarters in China.
Most children use the app to record themselves lip-syncing to chart hits.
It offers users a range of colorful modification and editing tools for creating short videos, including music overlays, sound, animated stickers, filters and augmented reality (AR).
The Beijing-based social network has more than 500 million active users and the company is now worth more than $75 billion (£58 billion).