Category: General|Jan 12, 2020 | Author: Admin

Multiple TikTok Vulnerabilities Could Exploit Or Delete Users’ Personal Data

Share on

Social media craze TikTok has now made it to the news owing to security issues. Researchers have found numerous vulnerabilities in the TikTok app that could risk users’ security. Exploiting the bugs could allow an attacker to add or delete users’ videos or alter privacy settings.

Multiple TikTok Vulnerabilities Found Researchers from Check Point Research have found numerous vulnerabilities in the TikTok app.

The vulnerabilities could have serious security consequences if exploited by an adversary. Detailing their findings in a blog post, the researchers stated that numerous security flaws affected the app in different ways. In brief, a successful attack required a perpetrator to first use SMS spoofing to send malicious links to the target.

Clicking on the link would then exploit the ‘deep links’ functionality of Tiktok. This would subsequently allow the attacker to trigger an intent in the app via the browser URL.

Then, the malicious link would redirect the victim to a malicious website, opening the possibilities for cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, and data exposure. Some possible attack scenarios include deletion of videos from users’ accounts, adding videos to the account, or making private videos public.

Moreover, the attacker could simply take control of the target account and gain access to the victim’s personal information. The following video demonstrates how an adversary could exploit all the flaws for a successful attack.

TikTok Patched The Flaws Check Point has confirmed that TikTok has addressed the issues after the researchers reported the matter to them. So for now, TikTok users can continue to use the app safely.

Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Microsoft confirms big Windows 11 reveal for gamers

Category: Microsoft|Feb 27, 2024 | Author: Admin

Security company sold users' browser activity

Category: Microsoft|Feb 26, 2024 | Author: Admin

Are you also tired of reboots?

Category: Microsoft|Feb 25, 2024 | Author: Admin

Apple officially unbans Epic Games iOS developer account

Category: Apple|Feb 24, 2024 | Author: Admin

Google Pauses Gemini AI Image Generator After It Created Inaccurate Historical Pictures

Category: Google|Feb 23, 2024 | Author: Admin

We never thought it would happen

Category: IT|Feb 22, 2024 | Author: Admin

It's finally over and the victims can rejoice

Category: IT|Feb 21, 2024 | Author: Admin

Accusing Intel of cheating

Category: IT|Feb 20, 2024 | Author: Admin

It was probably China that forced Apple

Category: Apple|Feb 19, 2024 | Author: Admin

It looks like Spotify is getting its revenge on Apple

Category: General|Feb 18, 2024 | Author: Admin

This changes everything

Category: IT|Feb 17, 2024 | Author: Admin

This is how Apple defends its new iPhone limitation

Category: Apple|Feb 16, 2024 | Author: Admin

Windows 11 will get this this month

Category: Microsoft|Feb 15, 2024 | Author: Admin

Watch out, they're shutting down on pc

Category: General|Feb 14, 2024 | Author: Admin

After 20 years, Apple's mistakes still haven't been fixed

Category: Apple|Feb 13, 2024 | Author: Admin
more