Skip to main content

Critical TikTok Flaw — Let Hackers Hack Any TikTok Account by Sending SMS

Critical TikTok Flaw — Let Hackers Hack Any TikTok Account by Sending SMS

TikTok is a very popular 15-second video-making app. TikTok has 1.3 billion+ users worldwide. In the last few months, TikTok is in news because of security risk.

In December 2019, a lawsuit has been filed against TikTok because TikTok secretly sent users sensitive private data & PII number to Chinese servers including draft videos.

Recently, the U.S Army also announced bans from using the TikTok app for soldiers in government phones. The ban on using the TikTok app comes as the TikTok app may be used for surveillance.

Flaws Found in TikTok App

Security researchers from Check Point firm found multiple flaws with the TikTok app that allows hackers to perform the following thing on any TikTok account :

  • Modifying the user content
  • Upload videos
  • Delete videos
  • Change video from private to public
  • Fetch sensitive personal information


Multiple vulnerabilities found that include :

  • SMS Link Spoofing
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Open Redirection
  • Sensitive Data Exposure

So, by combining all the above flaws a hacker can take full control of any TikTok accounts.

Critical TikTok Flaw — Let Hackers Hack Any TikTok Account by Sending SMS

Someone can also download the TikTok app from the SMS link because the official website of the TikTok has an option to send an SMS to any number. So, a hacker can change the download link to a different link and they can capture the HTTP request by using a proxy tool.

Critical TikTok Flaw — Let Hackers Hack Any TikTok Account by Sending SMS

So, instead of the original download link user will get a spoofed download link in SMS.

Critical TikTok Flaw — Let Hackers Hack Any TikTok Account by Sending SMS

Due to deep links functionality of the TikTok app, users can directly reach to a specific destination within the TikTok app.

The Login Redirection process of TikTok also found to be vulnerable because it allows hackers to do a redirection to anything with tiktok.com. A cross-site scripting flaw was discovered in the ads.tiktok.com site.

Hackers can also execute JavaScript code and perform an action on behalf of the user without his/her knowledge due to a lack of anti-Cross-Site request forgery mechanism.

Above all flaws have been reported to TikTok by Security researcher of Checkpoint firm and all flaws have been fixed immediately. Android and iOS users of the TikTok app are advised to update the app to the latest version.

If you have any questions related to the critical TikTok flaw and also want to share your views on this flaw then please mention in the comments box and I will get back to you.

Comments

Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik

Facebook, Instagram and WhatsApp Down : Apps Crash For Users Worldwide Including In India

If you are facing problems with Facebook , Instagram , and WhatsApp on your device then you are not alone. Suddenly, the service of Facebook, Instagram, and WhatsApp's are facing technical problems since late evening on Wednesday. Users are facing these types of problems on Facebook :- While using Facebook, Users are facing problems in loading images, loading videos, and loading all other data across its apps while some users were unable to load photos on Facebook News Feed. On the Twitter platform, Facebook said that it is aware of the issue. Users are facing these types of problems on Instagram :- On Instagram (just like Facebook apps), the issues appear to be limited only to a certain part of the site. Many users report an issue to Instagram that their feed might not load, also it is not possible to post anything new (images, videos, stories) into it. If a user tries to post anything new (images, videos, stories) brings up an error indicat