TikTok is dangerous! Security flaw found, puts personal data at risk. Update the app
TikTok, the famous social network of the videos of the moment would seem to put at risk the data of the users who use it. The security flaw is reported by Check Point Research, which is the famous cybersecurity company. According to the Chinese company, everything is resolved: just update the application.
The current fashion is called TikTok and is a simple application launched a few years ago, but, which has become ” viral ” only in recent months. It allows you to create creative videos capable of entertaining with special effects, and those who find Instagram boring with their 15-second stories have now decided to move right to TikTok. Yet the researchers of Check Point Research, the famous cybersecurity company, have identified an important security flaw in the application capable of making the personal data of users who have registered and use it, at risk.
According to the report, also clearly sent to TikTok developers, attackers like hackers could potentially upload unauthorized videos and delete others; change the privacy of a user’s videos from private to public; extract sensitive personal data such as name and surname, e-mail and date of birth. In short, having control of the users’ private account without them knowing anything about it.
Tik Tok: the solution is to update the app
On a technical level, what has been ascertained by the experts of Check Point Research is the possibility for the attackers to ” inject and execute a malicious code capable of redirecting the victim user to a dangerous website that seems to be identical to tiktok.com .” In truth, it is not, clearly, and hence the possibility of doing what the hacker wants.
Not only because also through the sending of the SMS by the company for the use of their account, but it would also have been possible for the hackers to ” replace ” the company and send their own modified message.
The security breach discovered has been sent to ByteDance or the company that owns TikTok, which has taken steps to resolve the security issue and update the social applications on both Android and iOS, bringing everything back to normal, at least for now.
How was it technically possible?
To download TikTok, new users receive a download link via SMS after entering their mobile number on the site. A hacker could potentially manipulate and send messages to any cell phone number, pretending to be TikTok – sending and executing malicious codes to carry out unwanted operations such as deleting videos, unauthorized uploading of videos, and changing video privacy settings from private to public.
Also, Check Point researchers learned that a hacker could forcibly move a TikTok user to a controlled server, enabling him to send unwanted requests from the user. The hacker could use the same technique to hijack his victim on a dangerous website in the guise of Tiktok.com. The hijacking opens up the ability to perform Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and Sensitive Data Exposure attacks, without your consent.
The importance of TikTok is today high in the social world. The application with its world of videos with special effects, according to SensorTower estimates, appears to have been downloaded by over a billion and a half users, becoming the third most downloaded after Whatsapp and Messenger and even in front of Facebook and Instagram.
The app is available in over 150 countries with over 75 different languages—definitely a ” special ” application for hackers who are attacking it more than other platforms. The advice at this point is to update the application if you have not already done so through the official Apple and Google stores and not through others of third parties.
