TikTok Security Flaw Allows Hackers To Gain Complete Access: Report


TikTok is under scrutiny again. It was earlier alleged that the popular app was sharing user data with the Chinese government. Now, Israeli firm Check Point Research has reported multiple vulnerabilities in the TikTok app. Worse, hackers could easily gain access to a user's account, erase or create new videos, manipulate the content, and more.

TikTok Security Flaw Discovered

TikTok Security Flaw Discovered

Some of the findings by the security research were jotted in a blog post. For one, the security researchers were able to send an SMS to a mobile number, posing as TikTok. This functionality can be spotted on the official website, which allows users to download the app. But it can easily be misused by capturing HTTP request and spoof a message with a dangerous link.

TikTok App Security Flaw

Once the malicious link reaches the victim, it can be redirected to a malicious website. The researchers cite it opens the possibility of launching Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Sensitive Data Exposure attacks. Further, the hacker can tap into other techniques to follow the victim on the app, which is more dangerous.

At the same time, Check Point Research also found evidence that a subdomain (https://ads.tiktok.com) was vulnerable to XSS attacks. It could allow people with malicious intent to inject scripted in trusted websites. The researchers found the injection point for an XSS attack in the search functionality. TikTok had employed an "unconventional JSONP callback that makes it possible to request data from API servers without CORS and SOP restrictions, which made it possible to steal data by initiating an AJAX request," the blog says.

TikTok Fixes Flaw

TikTok Fixes Flaw

The research also discovered that hackers could wreak havoc on a user's account. They could upload videos and clips, change private videos into public, and even misuse sensitive information. Personal information like birth dates, payment details, linked emails, and so on could easily be hacked into.

TikTok Security Issues Mounting

In other words, a hacker could gain full access and completely take over the account. Check Point Research reported its findings to TikTok before revealing it to the public. Tiktok announced that it has fixed all the vulnerabilities on the app. Even though most of the issues were on the back-end, users have been advised to update TikTok to the latest version.

Most Read Articles
Best Mobiles in India

Read More About: news apps tiktok security

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more