Israeli cybersecurity research firm found serious Vulnerabilities in TikTok. Found this vulnerability last November 20 and it was fixed by TikTok developers on December 15. hackers manipulate user data, expose personal information and send users malicious links.

T

ikTok,

one of the fastest-growing social network app in the world, fixes a bug last December that lets hackers manipulate user data, expose personal information and send users malicious links.

Serious Vulnerabilities in TikTok

"Check Point" found serious vulnerabilities in most popular video app TikTok. An Israeli cybersecurity firmfound serious vulnerabilities in most popular video app

TikTok was notified about the Vulnerabilities on November 20 last year and fixed all of the vulnerabilities discovered by Check Point cybersecurity researchers on December 15.

As reported by the Checkpoint by a blog post today,

The vulnerabilities noted by the Checkpoint security researchers that allow attackers to do the following:





Get hold of TikTok accounts and manipulate their content.

Delete videos.

Upload unauthorized videos.

Make private “hidden” videos public.

Reveal personal information saved on the account such as private email addresses.





TikTok Vulnerabilities found by Check Point: In its research, Check Point found some serious vulnerabilities they are:





SMS Link Spoofing:

It was possible to access the mobile numbers of TikTok users that is a mandatory requirement while signing up. These numbers could then be used to send spoof texts and make them appear to come from TikTok. Sending fake links via these messages could then let hackers get access to parts of the user’s account that’d let them upload, delete or delist videos. Legitimate SMS message.

Using TikTok’s website, hackers could send users a message to download the app, but with a malicious link. Through manipulated javascript code attackers could control a user’s profile when they click on the link sent through SMS. It is also reported that TikTok was vulnerable to attacks that inject malicious code into trusted websites and that Check Point researchers were able to retrieve users' personal information, including names and dates of birth.

TikTok's Spokesperson & the head of security Luke Deshotels said in a statement that: