Security Firm Finds Serious Vulnerabilities in TikTok
Researchers with an Israeli security company have found ‘severe’ vulnerabilities in the popular video-sharing app, TikTok, which has now garnered more than 1.5 billion downloads across the globe.
The news comes just a week after the US government instructed its military that no personnel were to use the Chinese-owned video-sharing app, citing security concerns and fears of possible links to the Chinese government.
The BBC reports that the security flaws, which “could have let hackers add or delete videos, change privacy settings and steal personal data,” have been fixed after they were highlighted to developer ByteDance.
The company responsible for finding the flaws, Check Point, has said that soon after discovering several of the vulnerabilities, it contacted the app’s developer in November of 2019. TikTok has since thanked the security firm publicly for alerting it to the potentially disastrous vulnerabilities.
The New York Times has said that “TikTok, the smartphone app beloved by teenagers and used by hundreds of millions of people around the world, has had serious vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information, according to research published Wednesday by Check Point, a cybersecurity company in Israel.”
“The weaknesses would have allowed attackers to send TikTok users messages that carried malicious links. Once users clicked on the links, attackers would have been able to take control of their accounts, including uploading videos or gaining access to private videos. A separate flaw allowed Check Point researchers to retrieve personal information from TikTok user accounts through the company’s website.”
TikTok has since issued a statement on the matter. “Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,” it said.
“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers,” TikTok concluded.
The BBC’s report also quotes Oded Vanunu, the leading security consultant working on the case. Vanunu said that “there has been lots of speculation as to how safe or unsafe TikTok is. We proved that there were, indeed, serious security issues with TikTok.”
“We don’t have visibility into TikTok’s platform, so we can’t tell if anything was actually exploited. But imagine how much power would have been in the hands of someone who wanted to distribute fake news on the platform,” he said.