HOME
Breaking News

Vulnerabilities found in video sharing app TikTok

by VARINDIA 2020-01-09
Vulnerabilities found in video sharing app TikTok

One of the most popular social media app, TikTok had serious vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information. It has been revealed in a research published by CheckPoint.

 

The vulnerabilities could have allowed attackers to manipulate with user accounts and expose personal data including names, email addresses and dates of birth.

 

The video sharing app has been downloaded by over a billion Android and iPhone users around the world. It is most popular among the teens.  

 

Check Point has joined hands with TikTok and the cyber security company has fix all the vulnerabilities. CheckPoint ensured that no vulnerabilities can now be used by hackers but it is not sure that if the security loopholes have been exploited earlier.     

 

One of the vulnerabilities that researchers uncovered was in the SMS functionality of the TikTok app. To help users install the application, the website allows them to send a text message to themselves with a link to download it. However, it was found that attackers could exploit this for malicious purposes.

 

Another vulnerability that the researchers found is in TikTok Ads subdomain of the official TikTok website which was vulnerable to Cross-Site Scripting (XSS) attacks, allowing attackers to inject malicious scripts that could target users via a trusted domain.

 

By combining these, it is possible for the attacker to manipulate the victim's TikTok account. They could delete videos, they could make private videos public or post their own videos.

 

However, account manipulation isn't the only potential risk of the vulnerabilities as researchers found it to be possible to combine the SMS and XSS vulnerabilities to retrieve sensitive information not meant for public consumption, including their name, email address and date of birth.

 

After the vulnerabilities got uncovered late last year by Check Point to TikTok's Chinese parent company ByteDance, who worked quickly and deployed an update to fix the security loopho

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
India sees 24% surge in ransomware attacks in H1 2024: Kaspersky

India sees 24% surge in ransomware attacks in H1 2024: Kaspersky

Quick Heal aims to boost consumer business with new anti-fraud solution

Quick Heal aims to boost consumer business with new anti-fraud solution

CrowdStrike to buy startup Adaptive Shield to bolster SaaS security

CrowdStrike to buy startup Adaptive Shield to bolster SaaS security

SOFTWARE
View All
PhonePe & Bharat Connect to announce easy contributions for NPS

PhonePe & Bharat Connect to announce easy contributions for NPS

Elastic collaborates with LG CNS to enable innovation in knowledge management

Elastic collaborates with LG CNS to enable innovation in knowledge management

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

START - UP
View All
ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

Whatfix and Deloitte India Partner to Drive Digital Adoption

Whatfix and Deloitte India Partner to Drive Digital Adoption

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
Cloudera announces new AI Assistant with intelligent capabilities

Cloudera announces new AI Assistant with intelligent capabilities

Futurense Launches India’s First Futurense Leadership Council

Futurense Launches India’s First Futurense Leadership Council

MediaTek Powers India's Digital Future with Latest Innovations

MediaTek Powers India's Digital Future with Latest Innovations

Akamai launches ready-to-deploy, cloud-agnostic application platform

Akamai launches ready-to-deploy, cloud-agnostic application platform

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

NXP rolls out pioneering Ultra-Wideband wireless battery management system

NXP rolls out pioneering Ultra-Wideband wireless battery management system

Netpoleon India Partners with Cavisson Systems

Netpoleon India Partners with Cavisson Systems

Sasken Technologies to acquire Borqs Technologies

Sasken Technologies to acquire Borqs Technologies

Wipro Launches Gemini Experience Zone to Boost AI Innovation

Wipro Launches Gemini Experience Zone to Boost AI Innovation

Wipro partners with RELEX Solutions to enable clients optimize retail operations

Wipro partners with RELEX Solutions to enable clients optimize retail operations