Posted on January 8, 2020 at 3:50 PM
Security Researchers Discovered Major Vulnerabilities on the TikTok App
The TikTok Smartphone app, which already has hundreds of millions of downloads, may have vulnerability concerns. A cybersecurity firm in Israel, CheckPoint, reported today that the vulnerabilities might have allowed cyberattackers to reveal users’ personal information and manipulate their data.
But the handlers of the app said they have already patched up the vulnerabilities. The TikTok app provides the platform for users to post creative videos they can share on different apps.
The vulnerabilities gave access to hackers to send users messages that contain malicious links. When the user clicks on the sent link, the user’s TikTok account becomes easily accessible to the hacker.
This gives cyber attackers access to the account to perform a series of activities.
Checkpoint researchers also looked at a second vulnerability through the app’s website. According to CheckPoint, the company’s website allows access to personal information of the user, which may have been exploited by hackers.
Vulnerabilities all linked to TikTok’s systems
Checkpoint also revealed that the security weaknesses are all from TikTok’s systems. According to the head of product at CheckPoint, Oded Vanunu, the TikTok system is currently susceptible to virus attack, and the vulnerability could transcend to the individual apps downloaded by its users.
Vanunu said the company was made aware of Check Point’s research. He pointed out that all the vulnerabilities have been patched and successfully fixed.
TikTok app seen with a different eye
TikTok app has often been targeted by regulators and lawmakers who are still skeptical about Chinese technology. Many believe the app may be playing another role other than offering an avenue for its users to share pictures and videos.
Some American lawmakers are concerned that the Chinese government is using TikTok for its interest. They believe that TikTok’s growth and popularity in China is a result of the government’s influence on certain aspects of the app. The regulators believe that Beijing collects user data on the app users while censoring certain contents the Chinese government doesn’t want.
This has resulted in a lot of scrutiny on the activities of the apps, including its data practices and content policies
Some branches of the U.S. military have even prohibited their personnel from using the app on any government-issued Smartphone. And several U.S security agencies feel the app could be a spying app for the Chinese government. With this recent development, it will further compound the problems the app and its creators are currently having.
App be more vulnerable to attacks
The popularity of TikTok has seen it downloaded more than 1.5 billion times within the last two years. Data from Sensor Tower revealed that the app might receive more downloads this year than more popular apps from YouTube, Instagram, and Facebook.
However, apps such as TikTok are relatively more vulnerable for hackers who are looking for new apps that have not gone through a comprehensive security check and analysis. Other apps from popular social media and internet giants have passed through a sustained period of security check. Even the attackers stick to get a shot at those apps from time to time.
Moreover, the users of the TikTok app are special targets for hackers because many of them are young and maybe not very conscious of security updates.
TikTok committed to protecting users
According to TikTok’s head of security team, Luke Deshotels, the app has a strong commitment to protecting the data and personal information of its users. Just like other organizations, TikTok has always encouraged security researchers to inform them of any vulnerability they find within their system. He also pointed out that customer records did not indicate any form of attack or a breach of data.
He reiterated that the company will always welcome any research on its system and app, and any vulnerability should be disclosed to the company before any public disclosure.
He continued that the app had patched the security weakness before Checkpoint went public with the disclosure. Deshotels said that the company hoped the situation would further encourage more partnerships with security researchers.