The much-talked-about social media platform TikTok gained immense popularity in the past year. The music video app hit 1.5 billion downloads near the end of 2019, beating both Facebook and Instagram to become the most downloaded non-gaming app of 2019.
However, the app has come under great scrutiny, and, might we say, for all the right reasons. The security firm Check Point has discovered serious vulnerabilities in the application that let hackers access a user’s profile and their videos.
The security flaw allowed hackers to send text messages disguised as legitimate texts from TikTok itself. The messages contained a malicious link which, once clicked, would allow hackers to access the user’s account and all private data.
Moreover, a separate flaw redirected a hacked user to a malicious website that looked like TikTok’s homepage, leaving the user’s account open to cross-site scripting and other types of attacks.
Check Point informed TikTok about the security flaw as soon as it was discovered, and the vulnerability has since been patched.
Luke Deshotels, the head of TikTok’s security team, commented:
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”