TikTok brand is seen displayed on a phone display on this illustration photograph taken in Krakow, Poland on November 13, 2019. (Photo by Jakub Porzycki/NurPhoto by way of Getty Images)
NurPhoto | NurPhoto | Getty Images
China’s common video sharing app TikTok had “multiple” safety vulnerabilities, based on a brand new report.
Cybersecurity agency Check Point mentioned it discovered flaws that might permit hackers to take management of TikTok accounts and manipulate the content material, add and delete movies and reveal private info similar to a personal e mail tackle.
It comes amid heightened scrutiny of the Chinese-owned platform. The findings will add gas to arguments, notably from U.S. politicians, that TikTok — owned by Chinese firm ByteDance — is a national security threat.
The cybersecurity agency discovered that it is potential to ship a typical textual content message to any phone quantity on behalf of TikTok. On the app’s personal website, there’s a operate that lets customers ship a textual content message to themselves to allow them to obtain the app.
But attackers might create a faux textual content message that seemed to be from TikTok, however really contained a malicious hyperlink. Once customers clicked on the hyperlink, hackers might take management of the account.
There was additionally a vulnerability in a TikTok internet area which allowed attackers to insert a malicious code. This was used to retrieve private info of customers.
Check Point mentioned it disclosed the findings to TikTok and so they have been patched.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us,” Luke Deshotels of TikTok’s safety workforce mentioned in a press release. “Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
The safety patch is unlikely to allay issues of U.S. lawmakers who’ve mentioned the app could possibly be a nationwide safety risk. TikTok can be the topic of a Committee on Foreign Investment within the United States, or CFIUS, national security review into its acquisition of Musica.ly, an app it purchased in 2017.
The inquiry stems partly from the hazards the committee perceives from the Chinese authorities’s entry to the app’s information and person profiles, a person familiar with the matter told CNBC last year.