Major security vulnerabilities within the infrastructure of one of the world's most popular video-sharing apps have just been detected. A report from a cybersecurity firm confirmed that multiple security flaws were found in the popular Chinese video-sharing app TikTok.
Online security firm Check Point published a report this week outlining the vulnerabilities it had found on the TikTok platform. According to the company, the multiple vulnerabilities that it found could potentially allow hackers to take full control of existing TikTok accounts and change their contents. This includes deleting and uploading videos. Using the flaw, hackers could apparently also access sensitive information such as private email addresses.
The publication of the report comes at a very delicate time for ByteDance, the owner of the popular video-sharing app, which is currently being accused by US lawmakers of being a national security threat. The recent revelation could potentially strengthen that argument, one that could lead to a full ban on the mobile app in the United States.
The vulnerabilities discovered by Check Point involved exploiting the app's ability to send text messages to existing TikTok users. Hackers could use the feature to send messages with malicious links to other TikTok users. Once a user clicked such a link, the hackers could hijack the user's account, taking full control of it without the user's knowledge.
Check Point revealed in its report that it had disclosed its findings to TikTok immediately after it discovered them. ByteDance then released a patch to address the issue. Following the release of Check Point's report, TikTok issued its own statement saying that it was committed to protecting its users' data.
The company thanked Check Point for immediately approaching them regarding the issue. TikTok then mentioned that it is urging other security researchers to privately disclose any vulnerability they discover to help further secure the platform.
While the vulnerabilities may have already been fixed, the fact that they had existed in the first place right under the company's nose is still a pressing issue. The patch that was released will likely do little to temper the possible backlash from US lawmakers. ByteDance is currently the subject of a Committee on Foreign Investment probe in the US.
The company is also under a national security review over lapses in its Musical.ly mobile app, which it bought back in 2017. The probes against the company originally stemmed from accusations that the Chinese government could potentially force the company to give it access to its billions of user profiles and user data.