TikTok Vulnerabilities Could Allow Account Takeover by Hackers, More: All You Need to Know
TikTok has been in the news lately for all the wrong reasons. Take for example the ban imposed by US Army, preventing soldiers from using the viral app on government-issued phones citing security concerns. Now, Check Point research has reported multiple vulnerabilities in the TikTok app that could allow hackers to gain control of a user account and manipulate its content, erase videos, change the privacy status, and do a lot more damage. Thankfully, the vulnerabilities in TikTok have now been fixed. While most of the fixes were on the back-end, users are recommended to update their apps to the latest version to be on the safe side.
Check Point Research mentions in its blog post that it was possible to send an SMS message to a mobile number on behalf of TikTok. This functionality is available on the official TikTok website to let users download the app. However, hackers can capture HTTP request using a proxy tool and spoof a message that can contain any harmful link the malicious party intends to send. The link in question can then redirect users to a malicious website, and this was made possible because the redirection process was found to be vulnerable. This further opens the possibility of launching Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Sensitive Data Exposure attacks.
Once this happens, the attacker can take advantage of multiple intermediary techniques to become a follower of the victim and wreak havoc. The possible damage scenarios include deleting someone's TikTok videos, upload unauthorised clips, make ‘private' videos public, and even expose sensitive personal information associated with a TikTok account such as the linked email address, birth dates, payment details, and more. It is essentially equivalent to having a complete account takeover. Thankfully, Check Point Research notified TikTok about the vulnerability and the flaw was fixed before the findings were made public.