News

Multiple TikTok Vulnerabilities Could Exploit Or Delete Users’ Personal Data

Social media craze TikTok has now made it to the news owing to security issues. Researchers have found numerous vulnerabilities in the TikTok app that could risk users’ security. Exploiting the bugs could allow an attacker to add or delete users’ videos or alter privacy settings.

Researchers from Check Point Research have found numerous vulnerabilities in the TikTok app. The vulnerabilities could have serious security consequences if exploited by an adversary.

Detailing their findings in a blog post, the researchers stated that numerous security flaws affected the app in different ways.

In brief, a successful attack required a perpetrator to first use SMS spoofing to send malicious links to the target. Clicking on the link would then exploit the ‘deep links’ functionality of Tiktok. This would subsequently allow the attacker to trigger an intent in the app via the browser URL.

Then, the malicious link would redirect the victim to a malicious website, opening the possibilities for cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, and data exposure.


You Might Also Like