A new vulnerability in TikTok allows access to sensitive user data, including phone numbers
Check Point Research (CPR), the Threat Intelligence division of Check Point Software Technologies, the leading provider of cybersecurity solutions globally, has identified a new vulnerability in the TikTok app, after it had already discovered another one at the turn of 2019 and 2020.
The new flaw, found in TikTok’s “Find Friends” feature, would allow an attacker to bypass the privacy protections created to defend app users. If left unpatched, the vulnerability would allow a hacker to access the details of a user’s profile and also the phone number associated with their account, making it possible to build a database to be used for illegal activities.
Profile details accessible through this flaw include: phone number, nickname, profile and avatar pictures, unique user IDs, and some profile settings, such as the one that allows a user to be a follower, public or anonymous.
The steps that made it possible to exploit the vulnerability
How could the hacker exploit the vulnerability? Here are the various steps:
Communication from the Head of Check Point Research and TikTok
Check Point Research communicated its findings to ByteDance, the developer of TikTok. Subsequently, an update was released to ensure the safety of TikTok users.
Comment by Oded Vanunu, Head of Products Vulnerabilities Research at Check Point:
“Our logic this time around was to test TikTok’s privacy. We were curious to know if the platform could be used by hackers to obtain users’ private data; and the answer is yes, as we were able to bypass more of TikTok’s defense mechanisms. This vulnerability could have allowed an attacker to build a detailed database of users which, with that degree of sensitive information, would have allowed the attacker to perform a variety of criminal activities such as spear phishing. Our advice to TikTok users, and not only, is to share their personal data only when strictly necessary and above all to always update the operating system and applications to the latest versions.”
TikTok stated:
“The security and privacy of the TikTok community is our top priority, and we appreciate the work of trusted partners like Check Point in identifying potential problems so they can be resolved before they affect users. We continue to strengthen our defenses, both by constantly updating our internal capabilities such as investing in automation defenses, and by working with third parties.”
What do you think about it? Let us know in the comments and keep following us on the TechGameWorld.com pages where you can find the latest news and more.