TikTok app

TikTok Fixes Cybersecurity Flaws That Could Have Allowed Hackers to Upload, Delete Videos

Following the disclosure of several security issues, TikTok issued a patch to ensure that user privacy was protected.

  • By Haley Samsel
  • Jan 09, 2020

After a team of Israeli cybersecurity researchers discovered a number of security issues with the popular video app TikTok, the company has taken steps to fix the cybersecurity flaws and ensure that hackers are not able to access personal user information.

The researchers, from Check Point Research, published a report on Wednesday that demonstrated how hackers could upload or delete videos off of user accounts and access personal user information, such as email addresses and birthdays. Most shocking was the fact that the researchers were able to manipulate the links sent to users by text when they signed up for a TikTok account.

Once the user clicked on the link, hackers would be able to control the account, NBC News reported.

“Check Point researchers learned that a hacker can force a TikTok user onto a web server controlled by the hacker, making it possible for the attacker to send unwanted requests on behalf of the user," the research team wrote in a press release.

There was no indication that a hacker took advantage of the flaws before the researchers notified TikTok of the issues in November.

“Check Point Research informed TikTok developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the TikTok app,” the firm wrote.

In response to the report, Luke Deshotels, who works for TikTok’s security team, said in a statement provided to CheckPoint that TikTok encourages researchers to privately disclose vulnerabilities to the company so that they can be fixed before the flaws are public.

“Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app,” Deshotels said. “We hope that this successful resolution will encourage future collaboration with security researchers.”

TikTok has faced frequent scrutiny from security experts and lawmakers over the past year who are concerned over the app’s Chinese ownership. ByteDance, the Chinese company that owns TikTok, has been accused of censoring content considered offensive to China and collecting user data that can then be shared with the government.

The Department of Commerce is currently conducting a national security review of ByteDance’s purchase of American app Musical.ly, TikTok’s precursor. In addition, the app paid a multi-million dollar fine in 2019 to settle accusations that it violated the Children’s Online Privacy Protection Act by collecting personal information about kids without requiring parental consent.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • UL Solutions Launches Artificial Intelligence Safety Certification Services

    UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now

  • ESA Announces Initiative to Introduce the SECURE Act in State Legislatures

    The Electronic Security Association (ESA), the national voice for the electronic security and life safety industry, has announced plans to introduce the SECURE Act in state legislatures across the country beginning in 2025. The proposal, known as Safeguarding Election Candidates Using Reasonable Expenditures, provides a clear framework that allows candidates and elected officials to use campaign funds for professional security services. Read Now

    • Guard Services

  • Ransomware Attacks Rise for the First Time in Six Months

    Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.