TikTok has fixed major security holes that researchers said left the video-sharing platform’s users vulnerable to hackers.
Cyberattackers could have exploited the flaws to upload or delete videos on TikTok users’ accounts and gain access to sensitive personal information, according to a Wednesday report from Israeli cybersecurity firm Check Point Research.
TikTok said it patched the problems about a month ago when Check Point presented its findings to the company. But the vulnerabilities could add to mounting security worries about an app that has been downloaded more than a billion times.
“The research presented here shows the risks associated with one of the most popular and widely used social apps in the world,” Check Point said in its report. “Such risks enforce the essential need for privacy and data security in the cyber world we live in.”
One flaw would reportedly allow hackers to send TikTok users text messages on the app’s behalf. Bad actors could include links in those messages that, once clicked, would allow them to manipulate users’ content without their permission, Check Point found.
In addition to secretly uploading and deleting content, hackers could take users’ private videos and make them publicly visible, according to the report.
Another hole could have allowed hackers to view several pieces of personal data for TikTok users such as email addresses, birth dates and payment information, researchers said.
But TikTok has not seen any evidence of an actual attack or security breach, according to Luke Deshotels of TikTok’s security team. Check Point agreed that the problems it found were fixed in the latest version of TikTok’s app, Deshotels said.
“TikTok is committed to protecting user data,” Deshotels said in a statement. “… We hope that this successful resolution will encourage future collaboration with security researchers.”
TikTok has become wildly popular in the US and across the world, especially among teens and young adults. But US officials have raised cybersecurity concerns about the app, which is owned by Chinese tech startup ByteDance.
The US Army recently barred soldiers from using TikTok on government phones because it posed a cyber threat even though it was being used for recruiting as recently as October. The US Navy made a similar move last month.
The Committee on Foreign Investment in the US has also reportedly launched a review of ByteDance’s 2017 acquisition of Musical.ly, the lip-syncing app that became TikTok.
Source: Read Full Article