The popular video sharing app TikTok had multiple security vulnerabilities, according to a new report revealed by cybersecurity firm Check Point. That security flaw allows the hackers to take control of TikTok accounts and manipulate the content, upload and delete videos and reveal personal information such as a private email address.
Vulnerability was disclosed to TikTok and patched
According to a latest report, China’s popular video sharing app TikTok had “multiple” security vulnerabilities. Due to this security flaw, Cybersecurity firm found that it’s possible to send a standard text message to any phone number on behalf of TikTok. There is a function that lets users send a text message to themselves so they can download the app, on the app’s own site.
The findings of Check Point will add fuel to arguments, particularly from U.S. politicians, that TikTok owned by Chinese company ByteDance is a national security threat for the country.
TikTok says that a review of customer support records has not shown any patterns that would indicate an attack or breach occurred. ‘Data is pervasive, and our latest research shows that the most popular apps are still at risk,’ explained Oded Vanunu, Check Point’s head of product vulnerability research. ‘Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface. ‘Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications – yet most users are under the assumption that they are protected by the app they are using.’
It’s not the first time TikTok, owned by Chinese parent-company ByteDance, has come under scrutiny over security shortcomings – in December 2019 the United States Navy banned its personnel from using the smartphone app on government-issued devices, saying it posed a “cybersecurity threat”.
In a prepared statement, TikTok security engineer Luke Deshotels moved to reassure users, saying that the company is “committed to protecting user data”.
“Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app,” Deshotels said.
Oded Vanunu, who is Head of Product Vulnerability Research at Check Point, says that their latest findings highlight that even the most popular apps are at risk of data breaches.
He said in a statement, “Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate,”.
“Yet most users are under the assumption that they are protected by the app they are using.”