Experts Response On TikTok Vulnerability To Let Hackers Access Users’ Videos

It has been reported that multiple vulnerabilities have been found within video sharing app TikTok. Security researchers found that it was possible to spoof text messages to make them appear to come from TikTok. Once a user clicked the fake link, a hacker would have been able to access parts of their TikTok account, including uploading and deleting videos and changing settings on existing videos from public to private. The researchers also found that TikTok’s infrastructure would have allowed a hacker to redirect a hacked user to a malicious website that looked like TikTok’s homepage. This could have been combined with cross-site scripting and other attacks on the user’s account.


EXPERTS COMMENTS
Greg Wendt, Executive Director ,  Appsian
January 10, 2020
Organizations must understand that in a connected, global economy - a person’s identity is ultimately the perimeter of an application.
As long as its economically viable to steal identities – hackers will constantly look to evolve their tactics. This is especially troubling with mobile apps, where users are conditioned to receive notifications and alerts via SMS. If a hacker has your phone number, they essentially have a highly effective channel for corrupting your credentials (for a multitude of apps.) Organizations must und ....
[Read More >>]
Robert Prigge, CEO,  Jumio
January 10, 2020
This TikTok vulnerability raises the question of whether similar security issues can be used to exploit 2FA in the future.
SMS is often used by two-factor authentication solution providers but this is highly problematic, and we’ve seen time and time again that SMS codes can and have been hijacked or intercepted by bad actors and malware. This TikTok vulnerability raises the question of whether similar security issues can be used to exploit 2FA in the future. If so, that’s a scary prospect, and this is why we conti ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
January 09, 2020
Auto updates are always the best way to keep up to speed with apps like TikTok.
Malicious actors are always looking for vulnerabilities, so TikTok should not be shamed for being targeted. The fact that they are taking ownership and offering quick support updates to mitigate the risk to their users is a positive step that should be commended. One of the main vulnerabilities in question involved hackers being able to access phone numbers and send texts, which should serve as ....
[Read More >>]
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
January 09, 2020
With 40% of TikTok users being between 10-19, the ability for this user base to detect or understand the implications.
With 40% of TikTok users being between 10-19, the ability for this user base to detect or understand the implications of any scam are limited. Developers of apps targeting or popular with teens then have a social responsibility to protect their install base from threats designed to harvest their data or scam them. While TikTok was able to patch the issues identified by Check Point Research, during ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article