Serious back door Vulnerabilities spotted in TikTok

The security flaws were identified by cybersecurity firm Check Point; TikTok claims to have fixed them

Faisal Khan
Jan 15 · 3 min read

TikTok has broken all barriers of popularity, achieving 1.5 billion global users in just over two and a half years. The immense growth can be gauged from the fact that the app is available in 150 markets and used in 75 languages globally. Even more important is the niche that it serves: Generation Z, which uses the app to create short video clips, mostly lip-synced, of 3 to 15 seconds and short looping videos of 3 to 60 seconds.

Having achieved all these laurels, however, the application has recently come under fire from many quarters for the potential risks identified within it. The cybersecurity firm Check Point pointed to multiple vulnerabilities that its researchers uncovered. Although the security firm made TikTok aware of these security flaws on November 20, 2019, and TikTok claims to have addressed them by December 15, 2019 (as confirmed by Check Point), the damage is done.

Problems were brewing for TikTok even before the report of these vulnerabilities surfaced. With its strong Chinese connection (its parent company, ByteDance, is based in Beijing), the app was under intense scrutiny in the United States. Although the decision by American authorities to scrutinize Chinese technology like TikTok was considered more of a trade war by-product by some, that notion seems to be quelled with the recent revelations.

~ Oded Vanunu, Lead Researcher, Check Point

The vulnerabilities would have allowed hackers to send TikTok users malicious links via spoofed text messages; once clicked, these links would give the attackers control of the users' personal accounts, including uploading videos or accessing private videos. Another weakness would have allowed retrieval of app users' personal information through the company’s website. Summarizing from the report, the hackers could do the following:

  • Manipulate content in TikTok user accounts
  • Delete videos
  • Upload unauthorized videos
  • Change private videos to public access
  • Reveal personal information like private email addresses

TikTok has actively denied that it is under the influence of the Chinese government and that it censors material that the government there doesn’t like. It also stated that regional managers around the globe had significant autonomy over decision making and operations. Despite the security flaws being fixed, American lawmakers’ concerns about the app’s content policies and data practices remained heightened.

In November, a U.S. security panel had launched a national security review of ByteDance, with the U.S. Army launching a security assessment of the app that month and asking its soldiers not to use TikTok videos while in uniform. This was followed by the Department of Defense urging its employees to delete the app from their mobile devices; the very next day the Navy banned the app, with the Army following suit on December 30.

Apps like TikTok that are looking for aggressive growth pay less attention to testing for security vulnerabilities and more to adding user-friendly features. This gives hackers ample opportunities to target services that have not been properly tested against real-world attacks. And with the majority of the app's users being young and less mindful of security, it creates a major problem.

Keep in mind that TikTok was fined $5.7 million earlier, in February of 2019, on charges of illegally collecting personal information from minors, and is also under investigation by the British Information Commissioner’s Office to determine if it violated European data privacy laws.

