Cybersecurity Firm Find Flaws In Chinese App Tiktok


01/09/2020



A new report by a research firm has claimed that there are “multiple” security vulnerabilities in the popular Chinese video sharing app TikTok which has gained huge popularity in many market such as the United States and India. 
 
It would be possible for hackers to gain access and control of TikTok accounts and manipulate the content because of certain flaws in the app which has been identified by the cybersecurity firm Check Point, it said. The report from the firm further claimed that the vulnerability could also allow hackers access to personal information of account holders such as a private email address which could then be made revealed. 
 
This report comes at a time when there is increased skepticism – especially in the US, about the link of the owner company of the app with the Chinese government agencies which has given rise to concerns of espionage and national security. Tiktok us owned by Chinese company ByteDance and analysts expect that this report by the cybersecurity firm will further enrage the debate and the argument specifically from politicians in the US who claimed that it is a threat to the security of the US.
 
The vulnerability in the system of the app could allow a hacker to send a standard text message to any phone number on behalf of TikTok, found the cybersecurity firm. It further found that users are allowed to send a text message to themselves so they can download the app through a function that is present in the own site of the app.
 
However the report stated that hackers could send a malicious link after hacking into the system and then sending a fake text message to a number pretending it to have been sent by the app. And then hackers could take control of the account once users clicked on the link.
 
Further, a malicious code could also be inserted by hacker through vulnerability in a TikTok web domain. This was used to retrieve personal information of users.
 
The findings have been communicated to TikTok and they have been patched, Check Point said.
 
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us,” Luke Deshotels of TikTok’s security team said in a statement. “Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
 
However analysis believe that concerns of US lawmakers are not likely to be allayed by the security patch of done by Tiktok because they have claimed that the app could be a threat to national security. Additionally, the acquisition of Musica.ly by TikTok, which was done in 2017, is also being reviewed over national security issues by a Committee on Foreign Investment in the United States, or CFIUS.
 
(Source:www.cnbc.com)