Mobile app TikTok had a number of vulnerabilities through which attackers could gain access to accounts and personal information of users; the company has warned about the threat, she released the appropriate update, the message says research firm Check Point Research.
“Attackers can send SMS to the victims with malicious links. When the user navigates to this link, the cyber criminals could take his account TikTok. Then he could delete the video from your account, to download unauthorized videos to make hidden video public”, – the document says.
Experts have found that the subdomain Tiktok https://ads.tiktok.com was vulnerable to attacks from XSS (malicious scripts are embedded in other trusted web sites). This vulnerability can be used to retrieve personal information saved in user accounts, such as email addresses, dates of birth.
“Check Point Software Technologies has informed developers TikTok on identified vulnerabilities. Already released an update that allows users to safely use the app TikTok”, – stated in the message.
“Attackers are looking for vulnerabilities in applications for social networks, since they are the source of personal data. To obtain confidential information, criminals spend a lot of money and considerable efforts. However, most users think that they are protected by the applications they use”, commented the head of Check Point Software Technologies research security vulnerabilities of products Oded Vanunu.
TikTok is a popular youth social network that allows you to create short music videos, live broadcasts and share posts. The TikTok app is available in over 150 markets, used by more than 1 billion users. The authorities of some countries impose social claim. So, in April in India, the court imposed a ban on TikTok, deciding that the network promotes pedophilia and pornography, the ban was lifted after removal of malicious content. In the U.S., the social network was fined for violating the law on the protection of children’s privacy on the Internet.