New TikTok vulnerability discovered that would allow access to sensitive user data, including identity and phone number theft
Phone numbers, nicknames and profile pictures of users exposed on TikTok.
After the blockade ordered by the Italian Privacy Guarantor , another tile hits the short video app owned by the Chinese ByteDance.
It is a security vulnerability that cybercriminals could exploit to compromise the profiles of millions of users and steal personal data and identities.
Check Point Software Technologies researchers discovered the flaw in the 'Find Friends' function of the TikTok app. If left without updates, they explain, “it allows you to bypass the privacy protections created to defend users, giving the possibility to build a database to be used for illegal activities”.
However, there is no evidence that the vulnerability was ever exploited.
In addition, TikTok has already released an update to fix the vulnerability of the most popular social network among the very young.
All the details.
WHAT THE CHECK POINT RESEARCH RESEARCHERS HAVE DISCOVERED
Check Point Research, the Threat Intelligence division of Check Point Software Technologies, announced that it has identified a new vulnerability in the TikTok app.
The researchers are the same ones who between 2019 and 2020 had identified another flaw in the TikTok videos, also later corrected.
THE FAULT IN TIKTOK
"This vulnerability could have allowed an attacker to build a detailed user database and perform a variety of criminal activities such as spear phishing," the Check Point researchers explain.
"If left unpatched, the vulnerability would allow a hacker to access a user's profile details and even the phone number associated with their account, giving the ability to build a database to use for illegal activities."
INTERESTED USERS DATA
Profile details accessible through this new flaw include – researchers add – phone number, nickname, profile and avatar pictures, unique user IDs and some profile settings, such as the one that allows a user to be a public or anonymous follower.
WHAT TIKTOK SHOULD DO
"Our advice to TikTok users and beyond is to share their personal data only when strictly necessary, and above all to always update the operating system and apps to the latest versions," notes Oded Vanunu, Head of Check Point's Vulnerability Research .
THE COMPANY'S COMMENT
“We appreciate Check Point's work in identifying problems so they can be resolved before they affect users. We continue to strengthen our defenses, both by constantly updating our internal capabilities such as automation defenses, and by working with third parties ”.
The app is present in 150 countries around the world and has over 1 billion monthly active users.
AFTER THE PROVISION OF THE ITALIAN PRIVACY GUARANTOR
It is the second time in a few days that the app has made a name for itself. On January 22, the Privacy Guarantor ordered "the immediate blocking of the use of data of users for whom the age of the registry has not been securely ascertained".
The decision comes after the death of a child from Palermo which probably occurred – the investigations by the Prosecutor's Office are still underway – after an extreme challenge on the social network. The blocking of unverifiable accounts is valid until February 15 pending further evaluations, the platform is still in operation.
WAITING FOR THE IRISH GUARANTOR
And the Irish Guarantor, who has a say in the matter, will have to intervene.
LIGHTHOUSE POINTED ON APP
This report still provides details on the security issues faced by TikTok, which is already under the lens of US lawmakers and authorities and beyond.
Finally, we recall that at the beginning of January the Trump administration appealed against the decision of a federal court that allows TikTok to continue operating in the US, despite the move by the American government to block the Chinese application for reasons of national security. According to the tycoon, the company that owns TikTok, ByteDance, could use the short video app to spy on and spread disinformation on behalf of the Beijing government.
But with the new administration taking office in Washington, it is now up to the new president Biden to decide on the TikTok dossier.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/tutti-i-dettagli-sulla-nuova-falla-in-tiktok/ on Wed, 27 Jan 2021 10:39:41 +0000.