Test Level researchers uncover safety vulnerability on TikTok – once more
After Israeli cybersecurity firm Check Point discovered a security flaw that could potentially allow hackers to gather sensitive information about TikTok users, it teamed up with the popular social networking app to fix the problem.
In a press release, the company mentioned that one of its research teams recently found a security flaw in the Friend Finder feature of the TikTok mobile application. The team has determined that an attacker could use this vulnerability to link personal information in user profiles to their phone numbers, creating a detailed database that could be used to target unsuspecting users and reveal their personal information.
However, the vulnerability only affected users who had their phone numbers linked to their TikTok accounts or who had used their phone number to register with the application, which is not required.
With this in mind, TikTok’s growing popularity should be noted, especially with children and teenagers, many of whom may not know or care about the risks involved in sharing personal information online.
The Check Point team made the discovery after studying various features of the application that were linked to privacy issues.
“Since our main purpose was to investigate TikTok’s privacy, we focused on all actions related to user data,” the company stated in a press release. “The mobile application was found to allow syncing of contacts. This means that a user can sync their contacts to easily find people they know on TikTok.”
In other words, a skilled hacker would have the ability to link phone numbers to certain profile details, including names, private pictures, user IDs, and even user preferences. Coupled with bad intentions, this type of information can lead to user extortion and possible identity theft.
cnxps.cmd.push (function () {cnxps ({playerId: ’36af7c51-0caf-4741-9824-2c941fc6c17b’}). render (‘4c4d856e0e6f4e3d808bbc1715e132f6’);});
if (window.location.pathname.indexOf (“656089”)! = -1) {console.log (“hedva connatix”); document.getElementsByClassName (“divConnatix”)[0].style.display = “none”;}
Oded Vanunu, who led the Check Point research team that located the vulnerability, added that such databases of personal information can be used for phishing scams or even targeted attacks on specific devices associated with the leaked information.
Check Point researchers were able to bypass the application’s security measures using an independent mechanism they developed, and they managed to obtain personal information from several well-known Israeli TikTok users, including a famous singer, architect, and internet celebrity ( aka) an influencer).
After Check Point verified that it was indeed a serious security breach, it reached out to TikTok and worked with the application’s security teams to resolve the vulnerability.
TikTok later released a statement emphasizing the importance of protecting the privacy of its users.
“The privacy and protection of our community’s information is a top priority for TikTok. We value working with certified partners like Check Point, who help us identify and fix potential problems before they affect our users,” the statement said by TikTok.
The company added that it intends to strengthen its privacy practices by updating its systems and investing in automated protections, as well as by continuing to work with other companies.
“We appreciate the fact that TikTok was quick to act to fix the problem,” said Vanunu. However, he noted that sharing personal information online, and especially on social media platforms, is always a risk that users need to be aware of. “We always recommend that users give as little personal information as possible and ensure that the applications they use are updated with the latest version available,” he added.
This isn’t the first time Check Point has found security issues in TikTok. In January last year, Check Point researchers discovered bugs in the application that allowed hackers to tamper with user accounts and extract information such as dates of birth and personal email addresses.
TikTok has great suspicions about the privacy of its users. As a Chinese-owned app, it was scrutinized by the Trump administration last year for allegedly threatening national security by spying on users and providing information to the Chinese government. Even so, it remains one of the world’s most popular applications with an increasingly growing user base.
Comments are closed.