TikTok security bug allowed hackers to take control of accounts
TikTok, arguably the most popular social media app of the past year, was likely leaking user data. Researchers at Check Point have found multiple security bugs in the app, which lets users post seconds-long videos. The security bugs, say researchers, put millions of TikTok users at risk. It is worth noting that TikTok has the highest number of users in India, with one estimate putting the number at more than 300 million.
“In the recent months, Check Point Research teams discovered multiple vulnerabilities within the TikTok application,” researchers at Check Point noted on the company’s website. “Check Point Research informed TikTok developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the TikTok app.”
According to Check Point, the bugs let hackers:
— Get a hold of TikTok accounts and manipulate their content
— Delete videos
— Upload unauthorized videos
— Make private “hidden” videos public
— Reveal personal information saved on the account such as private email addresses
In other words, the bugs let hackers take control of a TikTok user’s account and then post videos, even objectionable videos, on their behalf. They also let hackers delete videos from an account.
The security bugs, according to researchers, could be exploited using vulnerabilities in the SMS system that TikTok uses to allow users to access their accounts through the TikTok website.
“During our research we found that it is possible to send an SMS message to any phone number on behalf of TikTok. On TikTok’s main site: www.tiktok.com, there is a functionality that lets users send an SMS message to themselves in order to download the application,” noted Check Point.
The security bugs were found in this mechanism. Using different functionality and bugs in this feature, a hacker could send a message to a TikTok account with a malicious link. Once a user clicked on this link, it would let hackers take control of the TikTok account.
It’s not clear how many TikTok users actually had their accounts hacked using this vulnerability, but from what Check Point has revealed, it seems that millions of TikTok users were at risk.
Should you worry?
Yes. Even if you think your account has not been compromised, you should log out and log into the account again.
Another important point to note here is that the information about the bugs was sent to TikTok teams, and according to Check Point the bugs have been fixed. So you must update the TikTok app, whether you are using it on the iPhone or on Android, right away.
Finally, you should be careful while using the app. Here is what Check Point advises: “TikTok videos are entertaining. But as some have experienced, there is often a fine line between fun clips to private, even intimate assets being compromised while trusting to be under the protection from the apps we use. The research presented here shows the risks associated with one of the most popular and widely used social apps in the world. Such risks enforce the essential need for privacy and data security in the cyber world we live in.”
It is important to note that TikTok, compared to Facebook or Twitter, is managed by one of the most secretive technology companies in the world. Recently, when The New Yorker tried to profile the app and its business, it repeatedly ran into issues where no information was available, largely because the main office of TikTok was based in China and the US team looking after the app wasn’t aware of all the aspects of the app or how it worked.