TikTok security flaws found, hack personal accounts.
Security flaws on the TikTok video-sharing platform, that could have let hackers add or delete videos, change privacy settings and steal personal data, have been fixed after they were highlighted to developer ByteDance.
Hackers could have used a backdoor to change TikTok users’ settings and turn private videos into public videos, according to Check Point researchers. They might also have been able to upload and delete videos.
Check Point, the Israel-based cyber-security firm, published its findings today on TikTok. There was no evidence that accounts had been hacked, the firm only uncovered potential vulnerabilities, and TikTok has since fixed the holes in its software.
Still, the mere existence of security flaws will be sure to interest U.S. authorities that have been concerned about the rise of TikTok. Last year, U.S. lawmakers Senator Marco Rubio and Senator Chuck Schumer began calling for national security reviews into the Chinese-owned app, and in recent weeks U.S. military officials have issued warnings to personnel to not use the app.
There have been concerns that U.S. soldiers and other military staff could be tracked through the app, divulge sensitive information through their activity, or share compromising data. Until now, the warnings have been somewhat vague. The new research, however, offers a concrete example of how accounts could be breached.
“We proved that the basic function [of TikTok] is not secure,” says Oded Vanunu, head of products vulnerability research at Check Point. “Anyone could have taken control of your account through TikTok’s infrastructure.”
“Think about bad actors, this [could be] a big problem, a huge problem,” Vanunu says in a phone interview discussing the research.