Fan-favorite video sharing and content creating application TikTok reportedly contained numerous security flaws. The app was vulnerable to hackers who could control accounts and the contents posted on the app.
TikTok currently has more than 1 billion users around the globe. The majority of its users are teenagers, notes Tech Radar. The app allows users to create short, entertaining videos and share them on various platforms.
According to CNBC, Check Point, a cybersecurity firm, found out about the vulnerabilities. The cybersecurity immediately reached out to TikTok to reveal the insecurities.
Based on the findings of Check Point, TikTok’s system allowed hackers to possibly control data posted on user accounts. Attackers could allegedly send a text message to virtually any user while parading as part of the TikTok team. Once the receiver clicks on the link, hackers could gain access to the user’s social media account.
Once attackers gain unauthorized access, they could also change settings of the accounts. This flaw would allow hackers to publicized private videos, delete videos, and even upload other content, shares Tech Radar.
Apart from this security flaw, CNBC revealed that the web domain of the video-sharing app was compromised. Under this, hackers who gained unauthorized access could insert malicious code. The code is designed to mine personal information, including names, email address, contact number, payment details, and the like.
Following the incident, TikTok issued a security patch. The patch is available for download on their latest app update.
The cybersecurity firm contacted the social media video streaming and sharing company on November 20, 2019. To address the incident, TikTok issued a patch by December 15, 2019.
In a statement, head of the security team, Luke Deshotels said, “TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us.” Deshotels is also the current security engineer of the firm.
Deshotels continued to say that, “Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
This security flaw is the second time the company went under fire for its practices. Last December 2019, Tech Radar reports that the United States issued an order banning its employees to use the app on devices issued by the government.
Because of the video-sharing app’s security lapses, the United States Navy said it was a “cybersecurity threat.”