TikTok app

TikTok Fixes Cybersecurity Flaws That Could Have Allowed Hackers to Upload, Delete Videos

Following the disclosure of several security issues, TikTok issued a patch to ensure that user privacy was protected.

  • By Haley Samsel
  • Jan 09, 2020

After a team of Israeli cybersecurity researchers discovered a number of security issues with the popular video app TikTok, the company has taken steps to fix the cybersecurity flaws and ensure that hackers are not able to access personal user information.

The researchers, from Check Point Research, published a report on Wednesday that demonstrated how hackers could upload or delete videos off of user accounts and access personal user information, such as email addresses and birthdays. Most shocking was the fact that the researchers were able to manipulate the links sent to users by text when they signed up for a TikTok account.

Once the user clicked on the link, hackers would be able to control the account, NBC News reported.

“Check Point researchers learned that a hacker can force a TikTok user onto a web server controlled by the hacker, making it possible for the attacker to send unwanted requests on behalf of the user," the research team wrote in a press release.

There was no indication that a hacker took advantage of the flaws before the researchers notified TikTok of the issues in November.

“Check Point Research informed TikTok developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the TikTok app,” the firm wrote.

In response to the report, Luke Deshotels, who works for TikTok’s security team, said in a statement provided to CheckPoint that TikTok encourages researchers to privately disclose vulnerabilities to the company so that they can be fixed before the flaws are public.

“Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app,” Deshotels said. “We hope that this successful resolution will encourage future collaboration with security researchers.”

TikTok has faced frequent scrutiny from security experts and lawmakers over the past year who are concerned over the app’s Chinese ownership. ByteDance, the Chinese company that owns TikTok, has been accused of censoring content considered offensive to China and collecting user data that can then be shared with the government.

The Department of Commerce is currently conducting a national security review of ByteDance’s purchase of American app Musical.ly, TikTok’s precursor. In addition, the app paid a multi-million dollar fine in 2019 to settle accusations that it violated the Children’s Online Privacy Protection Act by collecting personal information about kids without requiring parental consent.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • The Next Generation

    Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now

  • Help Your Customer Protect Themselves

    In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now

  • Enhanced Situation Awareness

    Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now

  • Transformative Advances

    Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now

Most   Popular

Featured Cybersecurity

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3