Chinese-made app TikTok is the latest viral app that is trending around the world. People from all around the globe are lip-syncing and dancing to any video they like. The social media app has become so viral that it has surpassed YouTube and Facebook as the world’s most downloaded app on Google Play and Apple Store.

It has to be noted that unlike YouTube and Facebook, two-thirds of TikTok users are under 30 years old. In addition to that, a quarter of the app’s users and more than 40% of new users are from India. With so many young users on the app, it is imperative to know what the company is doing with all its data and what harm someone can do if that data gets into the hands of a malicious individual.

The research division of Check Point has recently published a new article on ways their researchers found to manipulate data going to and from the app. The research has shed light on the popular social media app and demonstrated the security (or lack thereof) of the company, which has already come under scrutiny in recent times. Such are the security threats to the app that for some time TikTok was banned in India, and it is still banned by the US Navy on government phones as it is considered a cyberthreat.

SMS Link Spoofing

TikTok allows users to download the app by sending a text to themselves with a download link to the app. Attackers who want to meddle with the app data can capture this SMS as shown in the video below. From there, the attacker can change their attack code to manipulate the link in the request and send that link to the user instead, thus creating a basic Man-In-The-Middle attack.

Once the user opens the malicious link (which looks exactly like the original link), the attackers can make the user do several things, including creating and deleting videos from the user’s account, changing settings and even making private videos public. This is a major breach of privacy and the company should address these concerns as soon as possible.

Check Point says it notified TikTok’s parent company about the security vulnerabilities and the app has since fixed the problem. But this fix is only applied to the newest version of the app. So if you are one of those people who keep closing your app update notifications, make sure you update it today. App updates are the best way to keep your application secure as app developers are constantly finding flaws and app updates are the only way to roll the fixes out.
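The weakness described in this section comes down to an SMS whose link is taken from the request. The following is an added example, not code from TikTok or Check Point, showing a service that trusts the link beside one that pins it to an allowlist; the `download_url` parameter name, the function names and the `example.com` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: constructed placeholder values, not real service hosts.
ALLOWED_HOSTS = {"download.example.com"}
DEFAULT_LINK = "https://download.example.com/app"
PREFIX = "Download the app: "


def sms_body_trusting(params):
    """Weak pattern: the SMS echoes whatever link arrived in the request."""
    return PREFIX + params.get("download_url", DEFAULT_LINK)


def is_allowed_link(url):
    """Accept only https links whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # "https://download.example.com@other.example/" puts the trusted name
    # in the userinfo field; the real host is what follows the "@".
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match, so "download.example.com.other.example" is rejected.
    return parts.hostname in ALLOWED_HOSTS


def sms_body_hardened(params):
    """Hardened pattern: a link that fails the check is replaced, never sent."""
    url = params.get("download_url", DEFAULT_LINK)
    if not is_allowed_link(url):
        url = DEFAULT_LINK
    return PREFIX + url


if __name__ == "__main__":
    # Constructed sample requests.
    for link in ("https://download.example.com/app",
                 "https://download.example.com.attacker.example/app",
                 "https://download.example.com@attacker.example/app"):
        req = {"download_url": link}
        print(sms_body_trusting(req), "|", sms_body_hardened(req))
```

The check compares the parsed host rather than searching the URL string for the trusted name, which is why links that merely look like the original do not pass.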

Should I stop using TikTok?

The security threats published by Check Point Research are grave, but credit needs to be given to the app developers too. They acknowledged the security threats and rolled out a fix in a timely manner. We just need to make sure we have updated the app to its latest version from the app store. If you have done that, by all means, you can continue enjoying it.

In addition to updating the app, you can follow these basic points whenever you open an SMS or download a document from a link given to you:

1. Make sure you recognize the number you are getting the message from. In the case of emails, check the complete email address and not just the first few characters of it. Phishing attacks are pretty common in emails (such as the one below) but they are increasing via SMS as well.

2. Do not log in to private accounts (bank accounts, etc.) when you are connected to public WiFi at your local coffee shop. These spots are breeding grounds for malicious activity, and hackers have been known to install illegal WiFi Pineapple devices that masquerade as the original WiFi name and attract victims to connect to them.

3. Keep your passwords secure and use a password manager. This way, your passwords will always be hard to crack and you won’t have to remember your passwords.

TikTok is a super popular app and has garnered so much attention that some say it’s even started a new music genre. The risks presented above reinforce the essential need for privacy and data security in the cyber world we live in. It is both the company’s and our responsibility to keep our data safe from compromise.
