The social video app TikTok has been branded a potential security threat for its ties to China—the app is owned by the Beijing-based company ByteDance—but like any piece of software it also has the potential for more immediate security concerns. Recently patched vulnerabilities in the app could have allowed an attacker to take over TikTok accounts, add or delete videos, and expose private data like user information or videos marked "hidden."
Researchers from the security firm Check Point first disclosed the bugs to TikTok in late November, and the company patched all of them on iOS and Android by the end of December. The findings come, though, as Congress has held hearings and called for investigations in recent months over the possibility that the app poses a national security risk. And the US Army and Navy both banned the app from their devices at the end of 2019, calling it a cyber threat. All software has bugs, and a few vulnerabilities doesn't show that TikTok is at all malicious. But the findings show that the social media app of the moment merits more scrutiny.
"The goal of our research was really to understand what is the the level of security and privacy that TikTok is providing," says Oded Vanunu, Check Point's head of product vulnerability research. "Once we finished the review and understood that we could easily manipulate the accounts, we said let’s stop here and share the information. We hop ..
Support the originator by clicking the read the rest link below.
