TikTok fans warned of security flaw that exposed app’s 1.5BILLION users to hackers

TikTok fans warned of security flaw that exposed app’s 1.5BILLION users to hackers


MORE than a billion TikTok users were exposed to hackers by major flaws in the app’s software.

Security experts said the vulnerabilities could have allowed criminals to access people’s private addresses, emails and dates of birth.

 Cyber researchers have exposed a gaping flaw in TikTok's software that exposed its 1.5billion users to hackers

2

Cyber researchers have exposed a gaping flaw in TikTok’s software that exposed its 1.5billion users to hackersCredit: Alamy

The flaws have now been fixed after researchers at cyber security firm Check Point alerted ByteDance, the Chinese company that owns TikTok.

Check Point said it notified ByteDance in November and an update patching the flaws was deployed within a month.

Popular among young people, TikTok’s video sharing platform was among the most downloaded apps of 2019.

The weakness meant an attacker could send a fake text message to victims that appeared as though it was from TikTok.

 The vulnerabilities could have allowed criminals to access people's private addresses, emails and dates of birth

2

The vulnerabilities could have allowed criminals to access people’s private addresses, emails and dates of birthCredit: Alamy

Clicking a malicious link contained in the message would grant bad actors access to the user’s account, allowing them to delete or upload videos, as well as make private or hidden videos public, Check Point said.

It also claimed hackers could extract confidential personal information saved on these accounts, such as users’ full names, email addresses and birthdays – though TikTok says it does not believe that any real names could have been accessed.

Luke Deshotels, from TikTok’s security team, said: “TikTok is committed to protecting user data.

“Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us.

“Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app.

What is TikTok?

Here’s the official description from the NSPCC’s Net Aware…

  • TikTok is a social media app where users can record and upload short video clips. In August 2018, TikTok merged with Musical.ly, meaning all users with Musical.ly accounts were moved to TikTok. We’ve pulled together some information about the app and how to keep your children safe while using it.
  • The majority of clips in TikTok include young people lip syncing and dancing to songs or comedy sketches (skits). Users can watch clips posted by other members, and can set their videos to be viewed publicly to other users or privately to friends (also known as followers).
  • Like Snapchat, TikTok has filters where users can record their videos. It also includes other additional video editing features such as slow motion or speeding up videos. What makes this app popular with young people is the collaborative element where TikTok users can reply to one another and do joint videos on a split screen or participate in user created challenges.
  • TikTok users can send messages to each other within the app; privacy settings for this can be changed to allow a user to communicate with all other TikTok users or just to friends. TikTok has a similar social media element like Instagram and Twitter, where users can follow each other and like content.
  • If your child is using TikTok, we recommend speaking to them about how they can use this app safely.

“We hope that this successful resolution will encourage future collaboration with security researchers.”

TikTok says a review of customer support records has not shown any patterns that would indicate an attack or breach occurred.

“Data is pervasive, and our latest research shows that the most popular apps are still at risk,” explained Oded Vanunu, Check Point’s head of product vulnerability research.

“Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface.

“Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications – yet most users are under the assumption that they are protected by the app they are using.”

TikTok video of person making loaf of bread with talcum powder, baby oil and Febreze shocks internet users

In other news, Instagram’s new Dark Mode makes nighttime scrolling easy on your eyes.

Facebook recently revealed a plot to merge Messenger with Instagram and WhatsApp.

And, here’s out guide on how to delete your TikTok account permanently – and get rid of all the videos you’ve posted.

Do you worry about your cyber security? Let us know in the comments!


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]






Source link