Brother
Professional
- Messages
- 2,590
- Reaction score
- 533
- Points
- 113
TikTok has become incredibly popular in recent months, but security concerns have not been spared either. Check Point specialists have identified multiple vulnerabilities in the corresponding application.
According to the researchers, the attacker can control the victim's accounts, as well as gain access to personal data: names, email addresses and dates of birth.
Recall that the number of TikTok users worldwide exceeds a billion - this is how many times the application has been downloaded on Android and iPhone devices. Due to the existing holes, the privacy and security of all people who downloaded the program are at risk.
The Check Point team is currently not sure if the vulnerabilities are being exploited in real attacks, but experts are working with the TikTok developers to fix security issues.
One of the vulnerabilities found affects TikTok's SMS capabilities. For example, the service allows users to send themselves a text message with a link to download the application, but an attacker could use this procedure for their own purposes.
To successfully carry out such an attack, the perpetrator must know the victim's phone number. At the same time, the attacker himself will not reveal his identity in any way during the exploitation of the gap.
As a result, an attacker can edit the link in the message, replacing it with a malicious URL. After receiving such an SMS, the victim will follow the link, since he is unaware of the attack, after which a malicious program will be installed on the device.
