TikTok fixes vulnerabilities allowing attackers to take control of user videos

TikTok fixes vulnerabilities allowing attackers to take control of user videos

Vulnerabilities in TikTok which could allow hackers to manipulate content on user accounts have been fixed after they were revealed by security researchers.

Check Point alerted the app’s owners ByteDance of the issues in November and an update patching the flaws was deployed within a month.

Popular among young people, TikTok’s video sharing platform was among the most downloaded apps of 2019.

Data is pervasive, and our latest research shows that the most popular apps are still at risk

The weakness meant an attacker could send a fake text message to victims that appeared as though it was from TikTok.

Clicking a malicious link contained in the message would grant bad actors access to the user’s account, allowing them to delete or upload videos, as well as make private or hidden videos public, Check Point said.

It also claimed hackers could extract confidential personal information saved on these accounts, such as users’ full names, email addresses and birthdays – though TikTok says it does not believe that any real names could have been accessed.

Luke Deshotels, from TikTok’s security team, said: “TikTok is committed to protecting user data.

“Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us.

“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app.

“We hope that this successful resolution will encourage future collaboration with security researchers.”

TikTok says a review of customer support records has not shown any patterns that would indicate an attack or breach occurred.

“Data is pervasive, and our latest research shows that the most popular apps are still at risk,” explained Oded Vanunu, Check Point’s head of product vulnerability research.

“Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface.

“Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications – yet most users are under the assumption that they are protected by the app they are using.”

More on this topic

Amazon’s Alexa offers information on sight loss as part of charity schemeAmazon’s Alexa offers information on sight loss as part of charity scheme

Tinder wants AI to check profile photos are real in catfishing crackdownTinder wants AI to check profile photos are real in catfishing crackdown

Tech firm JRI formally begins roll-out of Tralee job expansion programmeTech firm JRI formally begins roll-out of Tralee job expansion programme

Soundbar packs a punch well above its price pointSoundbar packs a punch well above its price point

More in this Section

Amazon’s Alexa offers information on sight loss as part of charity schemeAmazon’s Alexa offers information on sight loss as part of charity scheme

Tinder wants AI to check profile photos are real in catfishing crackdownTinder wants AI to check profile photos are real in catfishing crackdown

Love, like, laugh: Twitter adds emoji reactions to DMsLove, like, laugh: Twitter adds emoji reactions to DMs

New code aims to protect children online – from apps to toys and social mediaNew code aims to protect children online – from apps to toys and social media


Lifestyle

Food news with Joe McNameeThe Menu: Upcoming food highlights

THE health properties of tea have long been advertised. “It maketh the body active and lusty” a 1660 promotion suggested. However, before you dunk your teabag into a mug of steaming water, spare a thought for the environment. Some have polypropylene to help to seal them and it doesn’t decompose.Storm in a teacup: Top 8 loose-leaf teas

Bestselling author Isabel Allende talks to Rowena Walsh about life, grief, and why it’s never too late to fall in loveIsabel Allende: It's never too late to fall in love

Cliffs of Moher Retreat owner Michelle Moroney has written a book on finding self-worth and stepping back from our 24/7 lives. She talks to Marjorie Brennan about the need to unwindMichelle Moroney highlights the need to take stock of our lives

More From The Irish Examiner