Serious TikTok security flaw uncovered – and it's already been patched

Popular video-sharing app TikTok has revealed details of a new security flaw that could have allowed hackers to access and change user content and personal information.

The social-networking platform, which has over 1 billion users and is a favorite among teenagers worldwide, was found to have multiple serious vulnerabilities in November by cybersecurity firm Check Point Research.

The flaws have since been patched, and TikTok says it has no evidence that the vulnerabilities were ever exploited, or that any breaches of user accounts occurred.

Check Point’s investigation found that attackers were able to send users malicious links via SMS that appeared to come from TikTok. If clicked, a link would exploit a flaw in the app that would allow hackers to delete users’ videos, upload unauthorized videos and make private videos public.

The security researchers also found a separate glitch in which hackers were able to retrieve personal information saved to the account, including private email addresses and payment information.

Check Point informed TikTok of its findings on November 20, and the company reported it had patched all the security flaws by December 15.

It’s not the first time TikTok, owned by Chinese parent company ByteDance, has come under scrutiny over security shortcomings – in December 2019 the United States Navy banned its personnel from using the smartphone app on government-issued devices, saying it posed a “cybersecurity threat”.

In a prepared statement, TikTok security engineer Luke Deshotels moved to reassure users, saying that the company is “committed to protecting user data”.

“Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app,” Deshotels said.

Oded Vanunu, Head of Product Vulnerability Research at Check Point, says the firm’s latest findings highlight that even the most popular apps are at risk of data breaches.

“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate,” he said in a statement.

“Yet most users are under the assumption that they are protected by the app they are using.”

Jasmine Gearie
Ecommerce Editor, TechRadar Australia