TikTok fixes a number of ugly security flaws

The bugs are gone, but they were pretty bad.
By Stan Schroeder

It's nice when an online service promptly fixes security flaws. But sometimes the bugs themselves are so egregious that you have to wonder what other dangers lurk in that code.

Case in point: video sharing app TikTok.

Security company Check Point Research found a number of security issues in the TikTok app and on its website, potentially allowing an attacker to control someone else's account, delete their videos, upload unauthorized videos, make private videos public and reveal a user's personal information, including their private email address.



TikTok being one of the most popular apps out there, this would be pretty bad. But, again, it's the number and type of bugs found that's more worrying.

One issue allowed bad actors to send an SMS message to any phone number in the name of TikTok. Basically, with some fairly simple code tweaking, an attacker could've sent an SMS of the type: "Please download this urgent update," with a link leading to a malicious app, and have the SMS actually arrive from TikTok. Ugh.

A different bug allowed an attacker to execute JavaScript code on behalf of the victim, and combining the two bugs allowed an attacker to perform actions on the victim's account without consent.

There were other bugs, and some required a fair amount of technical knowledge to exploit, but line them up and it feels like TikTok's security is, overall, more than a little sloppy.

"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers," TikTok told BBC in a statement.

The company said there's no indication that an attacker actually exploited any of these bugs prior to this disclosure.

TikTok made headlines last year when its owner, China's ByteDance, was fined by the FTC for illegally collecting children's data. The app was banned by the U.S. Army due to cybersecurity concerns, and it's under investigation in the EU for how it handles children's data.
