Kids around the world, update your TikTok app!
The reason is that older versions of this Chinese video-sharing app, which is immensely popular with teenagers, can be exploited to tamper with accounts, delete and add videos, and even reveal private videos and personal information.
Researchers at Check Point, an Israeli cybersecurity firm, describe the flaws in detail in a lengthy research paper published today (January 8). Without going into details, the flaws in TikTok's website allow attackers to send malicious SMS texts to cell phones, force the TikTok app on a user's phone to open malicious web pages, and even delete or add videos to a user's account. There were numerous ...
Check Point researchers analyzed the impact of malicious activity in the Android version of the TikTok app rather than the iOS version, but because most of the problems are on the server side of TikTok and not on the user client side, most of these flaws are exploitable on both mobile platforms.
Fortunately, all flaws have been fixed in recent updates to the app. In a joint statement with Check Point, TikTok security team member Luke Deshotels said, "Prior to publication, Check Point agreed that all reported issues have been fixed in the latest version of the app. We hope this resolution will facilitate future collaboration with security researchers." As of this writing, the latest versions of TikTok are 14.4.0 for iOS and 14.4.11 for Android.
TikTok has been banned from the smartphones of most active duty U.S. military personnel because the U.S. government considers the Chinese app a military threat, not because of lax website security. (For a social networking app, TikTok is quite protective of privacy.) More than one billion people worldwide have installed either the TikTok app or its China-only sister app Douyin.