#BugAlert: Multiple vulnerabilities risking user data detected in TikTok
Even as experts continue to grow wary of TikTok's data collection and moderation practices, cybersecurity company Check Point Research has raised alarms over security issues in the video-sharing platform. The company revealed that TikTok had multiple vulnerabilities that could have allowed a hacker to gain unauthorized access to the videos shared by users. Here's all you need to know about it.
What was the issue with TikTok?
After conducting a thorough analysis of TikTok's app, the researchers at Check Point discovered a loophole that allowed spoofing messages to make them appear like the official ones from the Chinese platform. This basically opened a way for a threat actor to trick an unsuspecting TikTok user into clicking on a malicious link, which could, in turn, reveal parts of their account.
This could have compromised plenty of information
If someone clicked on the malicious link sent through the spoofed messages, the hacker would have gained access to critical parts of the target's TikTok account, Check Point said. This included the ability to see videos uploaded on the platform, delete them, change their privacy settings from public to private, or upload new, possibly inappropriate, videos.
Targets could have been redirected to malicious pages
Along with the risk of hacking, Check Point also found that the core infrastructure of TikTok left room for a hacker to redirect a hacked user to a page other than TikTok's official landing page. This way, unsuspecting users could have been taken to fake TikTok pages designed to steal confidential login passwords or ask for money to continue using the service.
TikTok has now fixed the glitches
Either way, the vulnerabilities in question were reported to TikTok in November and fixed by the Chinese company a few days later. "Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app," TikTok security team member Luke Deshotels said in a statement. "We hope that this successful resolution will encourage future collaboration with security researchers."