Multiple vulnerabilities detected in TikTok fixed
Updated: 08 Jan 2020, 07:02 PM IST
- During its research, CheckPoint found multiple vulnerabilities in TikTok
- Researchers had also found several API calls in TikTok subdomains
Researchers at Israeli cybersecurity firm CheckPoint Research have found multiple vulnerabilities in the short-form video platform TikTok which could have been exploited to take control of user accounts, delete videos, upload videos, make private or hidden videos public and reveal personal information such as email addresses.
The vulnerabilities were brought to TikTok’s attention and have already been fixed by the Chinese company’s cybersecurity team. “Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers,” said Luke Deshotels, from TikTok Security Team.
By exploiting these vulnerabilities, an attacker can send an HTTP GET request with the video ID, requesting TikTok to delete the videos. Similarly, they can upload a video to a user’s page by sending an HTTP POST request on behalf of the user. To make a private video public, the attacker first needs the video ID of a private video, which is obtainable if the attacker is a follower of the user. Using the ID, the attacker can change the video’s privacy settings by sending an HTTP GET request on behalf of the user.
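A server-side check that would refuse the kind of requests described above, as an added example that is not from the article, CheckPoint or TikTok: state-changing actions are rejected over GET, require an anti-forgery token bound to the session, and are authorized by ownership rather than by knowledge of the video ID. All names (`handle_video_action`, `csrf_token`, `VIDEOS`) and the sample data are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)

# Constructed sample data: video id -> owner and visibility
VIDEOS = {"v100": {"owner": "alice", "private": True}}

def csrf_token(session_id: str) -> str:
    """Anti-forgery token bound to one session via HMAC-SHA256."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_video_action(method, action, video_id, session, token=None):
    """Return (status, message) for a state-changing video request.

    session: dict with 'id' and 'user' for the authenticated caller, or None.
    """
    if action not in ("delete", "make_public"):
        return 400, "unknown action"
    # 1. State changes must not be reachable via GET: links, images and
    #    redirects can make a user's browser issue GETs with their cookies.
    if method != "POST":
        return 405, "state-changing actions require POST"
    if session is None:
        return 401, "not authenticated"
    # 2. The request must carry a token that a cross-site page cannot know.
    if token is None or not hmac.compare_digest(token, csrf_token(session["id"])):
        return 403, "missing or invalid anti-forgery token"
    # 3. Knowing a video id (e.g. as a follower) is not authorization.
    video = VIDEOS.get(video_id)
    if video is None or video["owner"] != session["user"]:
        return 404, "no such video"  # same answer for both, to avoid id probing
    if action == "delete":
        del VIDEOS[video_id]
    else:
        video["private"] = False
    return 200, "ok"
```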
Researchers also found several API calls in TikTok subdomains. Sending requests to some of these APIs revealed sensitive information about the user, such as email address, payment information and birth dates.
In a press statement, Oded Vanunu, CheckPoint’s Head of Product Vulnerability Research, warned that social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using.
Hugely popular among teenagers, TikTok boasts over 200 million users in India alone. According to reports, the platform is under scrutiny in the US, and several agencies, including the US Navy, have prohibited their personnel from using the app.