Cybersecurity research firm Check Point Research says it found “multiple vulnerabilities” within video sharing app TikTok that demonstrated its insecurity as scrutiny for the Chinese-owned company continues to grow. Check Point found that it was possible to spoof text messages to make them appear to come from TikTok, among other issues.
TikTok learned about the conclusions of Check Point’s research on Nov. 20 and said it had fixed all of the vulnerabilities by Dec. 15. It’s still an issue however, as the weaknesses would have allowed attackers to send TikTok users messages that carried malicious links. Once users clicked on the links, attackers would have been able to take control of their accounts, including uploading videos or gaining access to private videos.
EDITOR’S PICK: Ninebot unveils the Segway S-Pod with a top speed of 24mi/h at CES 2020
The app, whose parent company is based in Beijing, allows users to post short, creative videos, which can easily be shared on various apps. TikTok has been growing more popular among U.S. teenagers at a time of growing tensions between the United States and China over trade and technology transfers. About 60% of TikTok’s 26.5 million monthly active users in the United States are between the ages of 16 and 24.
In a statement, TikTok head of security Luke Deshotels said “TikTok is committed to protecting user data… Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us… Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
UP NEXT: OnePlus Concept One phone with electrochromic glass to hide rear cameras announced at CES 2020
(Source)
