Skip to main content
Global Edition
Friday, March 29, 2024

Vulnerabilities found in TikTok: Report

Credit: Reuters - 3D Animations (Next Me
Duration: 01:03s 0 shares 1 views

Vulnerabilities found in TikTok: Report
Vulnerabilities found in TikTok: Report

Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app.

For story suggestions or custom animation requests, contact tips@nextanimation.com.tw.

Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app.

In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app.

Hackers could use this flaw to change the download url and send a fraudulent SMS link containing a malicious link created by the attacker.

This allowed attackers to access a user's account and to send requests on their behalf.

Attackers could use this to manipulate a user's content feed by deleting videos from their feed and uploading unauthorized videos onto their feed instead.

Hackers would also have the authority to change a user's video privacy settings from hidden, or private, to public.

Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user.

This includes emails, payment information or birthdates.

According to the BBC, Check Point said they informed TikTok's parent company ByteDance about the vulnerabilities in November.

TikTok says the security flaws have since been fixed in their latest app version.

RUNDOWN SHOWS: 1.

Security flaws found in TikTok 2.

How hackers are able to access a user's account 3.

They could manipulate a user's content feed 4.

Hackers could also gain access to user's sensitive information VOICEOVER (in English): "Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app." "In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app." "Hackers could use this flaw to change the download url and send a fraudulent SMS link containing a malicious link created by the attacker." "This allowed attackers to access a user's account and to send requests on their behalf." "Attackers could use this to manipulate a user's content feed by deleting videos from their feed and uploading unauthorized videos onto their feed instead." "Hackers would also have the authority to change a user's video privacy settings from hidden, or private, to public." "Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user.

This includes emails, payment information or birthdates." SOURCES: Check Point Research, CNBC, BBC News https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/ https://www.cnbc.com/2020/01/09/tiktok-security-flaw-found-that-allowed-hackers-to-access-accounts.html https://www.bbc.com/news/technology-51010408 *** For story suggestions please contact tips@nextanimation.com.tw For technical and editorial support, please contact: Asia: +61 2 93 73 1841 Europe: +44 20 7542 7599 Americas and Latam: +1 800 738 8377

You might like