TikTok security loophole allowed hackers spread malware

Reputed mobile security firm Check Point Research has found vulnerabilities in the TikTok website, that can allow hackers to send benign-looking SMS to naive users and manipulate them to go to a malware-laced webpage.

Once the malware gets injected in the phone, they can gain illegal access to information such as personal images, video, contacts, email IDs, birthdays and the most scaring part is that the bad actors can share them on social media platforms.

“Data is pervasive but data breaches are becoming an epidemic, and our latest research shows that the most popular apps are still at risk. Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using,” Oded Vanunu, Check Point’s Head of Product Vulnerability Research said.

Before making the TikTok vulnerabilities public, the Check Point Research team informed the company and duly fixed in December 2019.

The news comes after the days, US Army banned its service personnel from using the video-sharing app TikTok, as it was deemed a security threat. Also, There were speculations of user-data being hoarded to the Chinese server, but there is concrete information on that aspect.

Must read | Google kills Assistant support for creepy Mi Home Cam

In India too, TikTok has come under scrutiny in 2019, but for a different reason. Several public representatives and traditional people accused TikTok of ruining Indian culture and also allowed minors access to age-inappropriate content.

For a brief period, TikTok was banned from Apple App Store and Google Play under the order Ministry of Electronics and Information Technology (MeitY) order and Madras High. It had to go Supreme Court to put a stay order and later TikTok was allowed back to the App stores.

Since then, TikTok has brought changes to the video-sharing apps including increasing the age-limit for access to the app, scaling up anti-bully measures and also control the spread of vulgar adult content on its medium.

“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers," Luke Deshotels, TikTok Security Team said.

Get the latest news on new launches, gadget reviews, apps, cyber security and more on personal technology only on DH Tech.