Check Point, a cybersecurity company based out of Israel, recently released research highlighting numerous security flaws in the popular smartphone app TikTok, which is incredibly popular with teenagers and one of the most downloaded apps in the world, according to a report by The New York Times on Wednesday (Jan. 8).
Those vulnerabilities could be exploited to allow hackers to send messages to users containing links that are malicious. If clicked, the links would let the attackers get control of the user’s account and even allow them to upload their own videos and have access to private ones.
A different security vulnerability would allow for malicious actors to get a person’s private info, like name and contact information, from the company’s own site.
“The vulnerabilities we found were all core to TikTok’s systems,” said Oded Vanunu, Check Point’s head of product vulnerability research.
TikTok told the New York Times that it found out about the issues on Nov. 20, and that they were fixed by Dec. 15.
“Available in over 150 markets, used in 75 languages globally, and with over 1 billion users, TikTok has definitely cracked the code to the term “popularity” across the globe. As of October 2019, TikTok is one of the world’s most downloaded apps,” Checkpoint said in a blog post. “The application is mainly used by teenagers and kids that are using this app to create short music clips, mostly lip-sync clips of 3 to 15 seconds and short looping videos of 3 to 60 seconds. The application allows the youth to share, save and keep private (and sometimes very sensitive) videos of themselves and their loved ones.”
TikTok has also been recently scrutinized by regulators and politicians alike because there’s Chinese technology behind the app. Some branches of the military have forbidden the downloading of the app because of security concerns.
ByteDance is TikTok’s parent company, and it was started in China, where every company is beholden to the government, a fact that troubles American authorities, despite the company’s assurances that data is safe.