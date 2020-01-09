Check Point Research has found major security flaws in TikTok, which would have given a hacker easy access to the user’s account. (Image source: Reuters)

TikTok, which has over one billion users and continues to grow in popularity across the world, had serious security vulnerabilities in its app, which would have not only exposed users’ personal information, but also allowed hackers to manipulate their account. This was revealed by security researchers at Check Point Research in a detailed blog post.

The flaws have been fixed in the app, and Check Point made its public disclosure after the issues were resolved. The security problems were discovered in November 2019 and fixed by December 15. Still, TikTok users who have not updated their apps in the last month or so should do so immediately, on both Apple’s iOS and the Google Play Store.


So what were the security problems with TikTok’s app?

According to the Check Point Research team, TikTok’s feature that lets users send themselves an SMS message with a link to download the application was what could be exploited by hackers. A spoofed or malicious SMS would be sent to the user, which would look like it was from TikTok, and when the user clicked on the link, the hackers could take control of their account.

What could hackers do with TikTok’s security flaw?

According to the researchers, the hackers could get hold of the user’s TikTok account or accounts and manipulate their content. This would include deleting videos and uploading unauthorised videos. Hackers could also make private “hidden” videos public. Further, they could scrape personal information saved on the account, such as private email addresses and other details.


How would the hackers carry out these tasks on TikTok?

The researchers have published a video with a proof of concept of the attack, which allowed them to carry out the tasks listed above. They found that the send SMS option on TikTok was easy to exploit. The message sent to the victim was a spoofed SMS containing a link of the attacker’s choosing.

While reverse engineering the TikTok app on an Android phone, the researchers also found that it had a “deep links” functionality, which made it possible to carry out commands in the app via a browser link. The attacker would send a custom link in the SMS, and the app would open a web browser window pointing to a server controlled by the attacker. The attacker could then carry out the tasks they wanted in the app.


© IE Online Media Services Pvt Ltd