Check Point Research reveals TikTok vulnerabilities
Cybersecurity threat intelligence, Check Point Research, has published a blog post that reveals the vulnerabilities of the popular short-video sharing app, TikTok, whose users has reached over one billion worldwide.
Check Point revealed that attackers can get a hold of a user’s TikTok account, alter content, and gather personal information. Attackers will also be able to upload unauthorized videos and change the privacy of videos such as switching them from hidden to public.
Check Point Research provided technical details on how hackers attack their victims. The most alarming method is how hackers use TikTok’s own website to lower potential victim’s guard. In TikTok’s website, you can put in your mobile number and TikTok will send you an SMS link to download the app. Hackers can change the link address, which would lead users to an open browser with malicious content. Take note that since the download link will be coming from TikTok, the sender will be from TikTok itself. It’s recommended to simply download the app from the device’s app store.
A solution has already been placed, according to Check Point Research after they have reached out to TikTok’s developer, ByteDance.
TikTok may not contain information such as banking details or your social security number, but the manipulation of the account itself can damage someone’s reputation. This could be a first step to a bigger attack after obtaining your email from TikTok.