New TikTok Vulnerability Could Have Exposed Users’ Private Videos

Tiktok, the China-based video-sharing app, has become an entire phenomenon among the people in India and the US. In November, the app hit more than 1.5 billion downloads on Android and iOS devices.

But a new security flaw in the TikTok app could have jeopardized the data of those billion users if it wasn’t patched in time.

Cybersecurity research firm Check Point Research discovered several vulnerabilities that could have allowed hackers to gain control of TikTok users’ personal data.

The vulnerabilities enabled hackers to send spoofed links on behalf of TikTok itself. Clicking on the malicious links would have allowed hackers to take partial control of the user’s account.

This would include changing the settings of private videos to public, uploading videos from the hacked account and retrieving private information of users through TikTok’s website.

Check Point Research posted about the exploits on Wednesday. However, the Israel-based firm first notified ByteDance, TikTok’s parent company, back on 20th November. TikTok claims that it fixed the vulnerabilities by December 15th 2019.

Heating things up

Despite TikTok’s immense popularity and usage, the app has faced a lot of criticism over the last year. Primarily, developers have been hammered over TikTok’s removal of users’ videos having content contradicting the opinions of the Beijing government.

Apart from that, several US lawmakers have expressed concerns that TikTok might be involved in collecting user’s data and feeding it to the Chinese government.

Last February, TikTok agreed to pay $5.7 million in fines to settle a complaint which argued that it illegally collected personal information from minors.