TikTok has a global fanbase and is the world's fastest-growing social media platform, with over 1.2 billion downloads. TikTok is available in over 150 countries and in 75 different languages. But the app's raging success isn't without critics, with various reports calling it a "potential security risk" to its users.
As it turns out, the security concerns linked to the app weren't entirely baseless. Check Point Research exposed several vulnerabilities in the TikTok app that put millions of users and their privacy at huge risk.
TikTok users at risk
TikTok is a platform that allows users to edit and share short videos ranging from 3 to 15 seconds. The social media app also has a feature to hide some personal videos and share them privately with others. However, the vulnerabilities exposed by Check Point researchers render the app's privacy feature useless.
The researchers found that hackers could send a spoofed SMS with a malicious link to the user. When the user clicks on the link, the attacker gains control of the TikTok account, with access to private videos and the ability to do whatever they see fit.
According to the research findings, attackers could manipulate content on the victim's TikTok account, delete their videos, upload unauthorized videos and even make private "hidden" videos public. The vulnerability also lets hackers retrieve private information such as personal email addresses, payment information, birthdates and more.
"Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using," Oded Vanunu, Check Point's Head of Product Vulnerability Research, said in a statement.
The findings of the research were published in detail on Check Point's official blog.
Should you worry?
Before the findings of the research were made public, Check Point Research notified TikTok developers about the threat that users face. The issue has been fixed, but users need to download the updated version of the app from the Play Store or App Store to continue using the app securely.
"TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers," Luke Deshotels, PhD, TikTok Security Team, said.