A security flaw in China’s TikTok app was found. It lets hackers use text messages to control accounts

If this story didn’t have the word ‘China’ in it then it would be “Bug found, notified, patched, move on”…:

China’s popular video sharing app TikTok had “multiple” security vulnerabilities, according to a new report.

Cybersecurity firm Check Point said it found flaws that could allow hackers to take control of TikTok accounts and manipulate the content, upload and delete videos and reveal personal information such as a private email address.

It comes amid heightened scrutiny of the Chinese-owned platform. The findings will add fuel to arguments, particularly from U.S. politicians, that TikTok — owned by Chinese company ByteDance — is a national security threat.

The cybersecurity firm found that it’s possible to send a standard text message to any phone number on behalf of TikTok. On the app’s own site, there is a function that lets users send a text message to themselves so they can download the app.

But attackers could create a fake text message that appeared to be from TikTok, but actually contained a malicious link. Once users clicked on the link, hackers could take control of the account.

There was also a vulnerability in a TikTok web domain which allowed attackers to insert a malicious code. This was used to retrieve personal information of users.

Check Point said it disclosed the findings to TikTok and they have been patched.


Original article here