Major TikTok security flaw has been fixed

According to reports, a security firm by the name of Check Point alerted ByteDance, the company behind TikTok, to a major TikTok security flaw back in November. The flaw has now been fixed.

According to reports, this was a zero-day vulnerability, which means that the flaw had never been previously disclosed.

This bug involved the way TikTok handled the phone numbers that users provided at sign-up. Hackers could potentially get access to these numbers, allowing them to send texts on behalf of TikTok, which in turn allowed them to do multiple things.

These included the ability to delete videos, change video settings such as switching videos from private to public, and even upload videos to a user account.

This also gave hackers the ability to redirect the user to malicious websites and the ability to send unwanted requests on behalf of the user.

TikTok has now fixed the bug, and the company thanked the security firm for bringing this to their attention.

TikTok said in a statement:

Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,

Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers.

There is no way to be sure whether this TikTok security flaw was exploited, since TikTok has not revealed such information.

According to a BBC report, a security consultant told them:

There has been lots of speculation as to how safe or unsafe TikTok is. We proved that there were, indeed, serious security issues with TikTok.

The consultant further added:

We don’t have visibility into TikTok’s platform, so we can’t tell if anything was actually exploited. But imagine how much power would have been in the hands of someone who wanted to distribute fake news on the platform.

The US Navy recently banned the use of this app on government-issued phones because of fears that the app has links to the Chinese government and shares user data.

