Israeli cybersecurity company found serious vulnerabilities in TikTok
What you need to know
- An Israeli cybersecurity firm found serious vulnerabilities in popular video app tikTok.
- They would have allowed hackers to manipulate user data and reveal personal information.
- TikTok was notified about the problems on November 20 last year and fixed them in December.
An Israeli cybersecurity firm found serious vulnerabilities in popular video app TikTok, that unchecked, could have allowed hackers to manipulate user data, expose personal information and send users malicious links.
According to a report from The New York Times:
Check Point's head of product vulnerability research said:
According to the report, Check Point notified TikTok on November 20, and all the vulnerabilities were fixed by December 15. As is standard practice in these scenarios, cybersecurity firms and finders of bugs, exploits, and vulnerabilities usually remain silent until the developer has a chance to address the issues, to prevent knowledge of any such problems becoming widespread.
TikTok is already in the crosshairs of US lawmakers, in particular, because of concerns over its ties to China. The apparent discovery of massive, exploitable security flaws will probably not do wonders for its image. In a statement, TikTok head of security Luke Deshotels said:
Mr. Deshotels further noted that there was no indication any customer records had been breached.
The report notes that younger, startup apps enjoying explosive growth often find themselves more vulnerable to security exploits. Another cybersecurity expert stated:
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
According to the report, one of the vulnerabilities reportedly allowed attackers to use a link in TikTok's messaging system, to send users messages that looked like they came from TikTok. They could send malware that would let them take control of accounts to upload content, delete videos and make private videos public. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.
As mentioned, Check Point has seemingly confirmed that all reported vulnerabilities have now been fixed by TikTok.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9