From deleting videos to accepting follower requests, research released by cybersecurity research firm Check Point Research (CPR) on January 8 exposed security flaws in the popular video-sharing mobile app TikTok. CPR also mentioned that it had informed TikTok of the vulnerabilities and that TikTok had deployed solutions to all these problems. Key findings It was possible to send any message to any phone number on behalf of TikTok (SMS spoofing): TikTok's main website allows users to send an SMS message to themselves in order to download the application. Attackers could capture such a request made by a user and change parameters for their own purposes. For instance, this made it possible to send malicious links to any phone number on behalf of TikTok. Hackers could send requests on behalf of the users: CPR found that the Android version of the app has a "deep links" functionality that makes it possible to invoke intents in the app via a browser link. Attackers could use the SMS spoofing vulnerability to send links to the users which then made it possible for attackers to send requests on behalf of the user. Hackers could redirect the victim to a malicious website by sending a legitimate-looking login (SMS Spoofing) link derived from Tiktok’s domain: https://login.tiktok.com. Basically, after clicking a legitimate-looking TikTok link, a security lapse in the system allowed users to be directed to any malicious page/website that the hacker wished them to go to as long as the redirection link had "tiktok.com" as its ending. For instance, this means that…
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
News
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
Advert
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
News
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...
News
Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...