Category: General|Jan 12, 2020 | Author: Admin

Multiple TikTok Vulnerabilities Could Exploit Or Delete Users’ Personal Data

Share on

Social media craze TikTok has now made it to the news owing to security issues. Researchers have found numerous vulnerabilities in the TikTok app that could risk users’ security. Exploiting the bugs could allow an attacker to add or delete users’ videos or alter privacy settings.

Multiple TikTok Vulnerabilities Found Researchers from Check Point Research have found numerous vulnerabilities in the TikTok app.

The vulnerabilities could have serious security consequences if exploited by an adversary. Detailing their findings in a blog post, the researchers stated that numerous security flaws affected the app in different ways. In brief, a successful attack required a perpetrator to first use SMS spoofing to send malicious links to the target.

Clicking on the link would then exploit the ‘deep links’ functionality of Tiktok. This would subsequently allow the attacker to trigger an intent in the app via the browser URL.

Then, the malicious link would redirect the victim to a malicious website, opening the possibilities for cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, and data exposure. Some possible attack scenarios include deletion of videos from users’ accounts, adding videos to the account, or making private videos public.

Moreover, the attacker could simply take control of the target account and gain access to the victim’s personal information. The following video demonstrates how an adversary could exploit all the flaws for a successful attack.

TikTok Patched The Flaws Check Point has confirmed that TikTok has addressed the issues after the researchers reported the matter to them. So for now, TikTok users can continue to use the app safely.

Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


All versions of Windows are exposed

Category: Microsoft|Sep 25, 2021 | Author: Admin

Android's underappreciated upgrade advantage

Category: Google|Sep 24, 2021 | Author: Admin

No Electricity? A New Cooling System Uses Sunlight and Saltwater

Category: General|Sep 23, 2021 | Author: Admin

Slack begins rolling out video and audio message ‘clips’

Category: General|Sep 22, 2021 | Author: Admin

Roku's free OS 10.5 lets you dictate passwords, fixes pesky sound lags on headphones

Category: IT|Sep 21, 2021 | Author: Admin

Some good news and some strange news from Apple

Category: Apple|Sep 20, 2021 | Author: Admin

New Windows security updates break network printing

Category: Microsoft|Sep 19, 2021 | Author: Admin

Sent 700tb over 4 km of laser technology

Category: IT|Sep 18, 2021 | Author: Admin

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin
more