Tiktok App is filled with Vulnerabilities

This certainly will be a bad news to all those 1 billion active users of Tiktok and the news is as follows- A recent research carried out by Cybersecurity Company Checkpoint has discovered that the video-sharing app Tiktok had two major vulnerabilities which allowed cyber crooks to snoop into any account and access private details such as addresses, emails, and date of birth.

Moreover, the research says that there could also use a security hole to manipulate videos, delete user content, make private videos public and also leak the A-rated content to X-rated websites.

Reports are in that the security researchers from Checkpoint have alerted the China-based company about the vulnerabilities for which a fix has been issued in the recent update of the app. So, users of Tiktok are being urged by ByteDance, the parent company of Tiktok to update their app to ensure that they are completed protected from the vulnerabilities.

Going with the technical details provided by Checkpoint, the flaw exposed the app users to hackers who could then send a malicious SMS message to a user and as soon as the victim clicks on the link, the attacker was able to get a hold of the account and could successfully manipulate the content.

Available in over 150 markets across the world, Tiktok happens to be the most downloaded Chinese app in the United States.

The research also says that the subdomain of Tiktok which happens to be ads.tiktok.com is also vulnerable to hacks as it is susceptible to XSS cyber-attacks where malicious scripts are injected into trusted websites for cyber fraud.

Meantime, the management of Tiktok has issued a ban on misinformation being spread on its platform that could lead to a situation where the health & sentiments of its users could be hurt. So, a specialized team of experts will be monitoring the videos posted on the Tiktok platform from now on and will be filtering inappropriate content through artificial intelligence.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display