Multiple TikTok Vulnerabilities Could Exploit Or Delete Users’ Personal Data
The social media craze Tiktok has now made for news due to security issues. Researchers have found several vulnerabilities in the Tiktok app that could put users’ security at risk. Uncovering bugs may allow an attacker to add or delete users’ videos or change privacy settings.
Multiple TikTok Vulnerabilities Found
Researchers at Check Point Research have found several weaknesses in the Tiktok app. Disasters can have serious security consequences if exploited by an adversary. Tracing their findings in a blog post, the researchers said that several security flaws affected the app in various ways. In short, a successful attack requires a criminal to use SMS spoofing to send malicious links to targets. Then clicking on the link will benefit TickTalk’s ‘deep link’ functionality. This would later allow the attacker to trigger an intent in the app via a browser URL. Then, the malicious link will redirect the victim to the malicious website, opening up the possibilities of cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks and data exposure. Some possible attack scenarios include removing videos from users’ accounts, adding videos to accounts, or making private videos public. In addition, the attacker can only control the target account and gain access to the victim’s personal information. The following video shows how an adversary can exploit all the flaws for a successful attack.
TikTok Patched The Flaws
Check Point has confirmed that Tickcock has addressed the issues, after which researchers reported the case to him. So for now, TikTok users can continue to use the app safely.
Let us know your thoughts in the comments.