TikTok Fixes Serious Security Flaws


Security flaws on the TikTok video-sharing platform that could have let hackers add or delete videos, change privacy settings and steal personal data have been fixed after they were highlighted to developer ByteDance.

Researchers at security firm Check Point found multiple issues, all ripe for exploitation by hackers.

It informed ByteDance of the problems in November.

TikTok said they were fixed and thanked the security firm for alerting them.

“Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us,” it said in a statement.

“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers.”

A zero-day vulnerability refers to a security flaw that has not been previously disclosed.

Check Point added that the vulnerability was in place for most of 2019, and said this raised “serious questions” about whether any hacker had discovered it.

It said that ByteDance had “responsibly deployed” a solution within a month of it being told about the problem.

Much of the issue lay in the way that TikTok handled users’ mobile phone numbers, which people must provide when they register for the app.

Check Point discovered that hackers could access these numbers and send texts on behalf of TikTok. In turn that allowed a hacker to:

  • delete videos, change settings on them from private to public or upload unauthorised videos
  • force a TikTok user on to a web server controlled by the hacker, making it possible for the attacker to send unwanted requests on behalf of the user
  • redirect users to a malicious website masquerading as TikTok

The security consultant leading the work, Oded Vanunu, told the BBC: “There has been lots of speculation as to how safe or unsafe TikTok is. We proved that there were, indeed, serious security issues with TikTok.

“We don’t have visibility into TikTok’s platform, so we can’t tell if anything was actually exploited. But imagine how much power would have been in the hands of someone who wanted to distribute fake news on the platform.”

Last week the US military told its personnel not to use the Chinese-owned app on government-issued phones, because of security concerns and fears over possible links to the Chinese government.

Initially popular in Asian countries, the short video creation platform has experienced huge growth in recent years and now has 1.5 billion downloads.
