The Israeli cybersecurity company Check Point Research detected a serious security flaw in the TikTok application, through which strangers were able to manipulate users' data and upload videos.
The vulnerability allowed criminals to impersonate the Chinese social network and send an indeterminate number of text messages with malicious links, through which they were able to access the accounts.
In November 2019, Check Point Research notified the affected company, which implemented changes to its servers and launched updates.
"TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities," said Luke Deshotels, a member of the TikTok security researchers team.
"Prior to public disclosure, Check Point agreed that all reported problems were patched in the last version of our application. We hope that this successful resolution will foster future collaboration with security researchers," he added.
The error originated in the download link request function on the TikTok website. Due to a programming error, hackers were able to access the company's official SMS channel and send users a malicious link in place of the download link.
Those who clicked on it unknowingly handed over access to a variety of private sections of their account. Once inside, the hacker was able to upload videos, show private posts, delete files and view personal information, such as email addresses, among other functions.
Check Point also discovered another vulnerability that may have allowed hackers to gain access to the database of millions of TikTok users by inserting malicious code into the official website. The firm's researchers managed to recover the private data of the accounts, including their names and birth dates, Digital Trends reports.