Israeli cybersecurity research firm found serious Vulnerabilities in TikTok

Israeli cybersecurity research firm found serious Vulnerabilities in TikTok. Found this vulnerability last November 20 and it was fixed by TikTok developers on December 15. hackers manipulate user data, expose personal information and send users malicious links.

TikTok, one of the fastest-growing social network app in the world, fixes a bug last December that lets hackers manipulate user data, expose personal information and send users malicious links.

Serious Vulnerabilities in TikTok

An Israeli cybersecurity firm "Check Point" found serious vulnerabilities in most popular video app TikTok.
TikTok was notified about the Vulnerabilities on November 20 last year and fixed all of the vulnerabilities discovered by Check Point cybersecurity researchers on December 15.
As reported by the Checkpoint by a blog post today,
The vulnerabilities noted by the Checkpoint security researchers that allow attackers to do the following:

• Get hold of TikTok accounts and manipulate their content.
• Delete videos.
• Upload unauthorized videos.
• Make private “hidden” videos public.
• Reveal personal information saved on the account such as private email addresses.

TikTok Vulnerabilities found by Check Point:

In its research, Check Point found some serious vulnerabilities they are:

SMS Link Spoofing:

It was possible to access the mobile numbers of TikTok users that is a mandatory requirement while signing up. These numbers could then be used to send spoof texts and make them appear to come from TikTok. Sending fake links via these messages could then let hackers get access to parts of the user’s account that’d let them upload, delete or delist videos. Legitimate SMS message.

Using TikTok’s website, hackers could send users a message to download the app, but with a malicious link. Through manipulated javascript code attackers could control a user’s profile when they click on the link sent through SMS. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.

TikTok's Spokesperson & the head of security Luke Deshotels said in a statement that:

"TikTok is committed to protecting user data... Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us... Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."

Anyhow the cybersecurity firm found this vulnerability last November 20  and it was fixed by TikTok developers on December 15. While TikTok users are not under any threat, you should make sure you’re running the latest version of the app download from the android play store.