Chinese short video app TikTok has confirmed fixing a vulnerability in its app that allowed hackers to manipulate content, delete videos, upload unauthorized videos, make private ‘hidden’ videos public and extract confidential user information via an SMS containing a malicious link.
US-based cybersecurity firm Check Point Research exposed the vulnerability. Its team discovered multiple loopholes that a potential hacker could use to conduct the attack, which gives total control over TikTok accounts.
Inc42 reached out to ByteDance, which runs TikTok, to understand the extent of the vulnerability and how it affected users in India. The company had not responded by the time of publishing.
Currently, TikTok has more than one billion monthly active users across its apps, with India being one of its biggest markets with over 300 Mn active users. India is also one of the fastest-growing markets for TikTok, but the recent breach brings the safety of Indian users into question, many of whom are young adults and teenagers, as well as new users unfamiliar with security threats.
TikTok Security And Privacy Issues
Check Point Research also found that the TikTok advertisements subdomain was vulnerable to Cross-Site Scripting (XSS) attacks. This type of attack uses malicious scripts that are injected into trusted websites. Once a user clicks on the injected content, an attacker using this vulnerability could access personal information saved on user accounts, including email addresses and birth dates.
This also comes at a time when TikTok was forced to sell a majority stake in order to remain in the US, which is one of its prominent markets. If the sale happens, the parent company ByteDance is expected to fetch $10 Bn through this deal, reports stated. However, the US-China trade war has put TikTok in a bad spotlight.
The US government had reportedly said that the TikTok app can be a security threat to the country as it easily supplies users’ data to Chinese authorities under Chinese law. TikTok, however, denied the reports, calling them ‘meritless.’
While the US alleges that the TikTok app is a security threat to the country, India, on the other hand, has been requesting user information from the Chinese short video app. According to TikTok’s transparency report, the Indian government sent a total of 107 requests to the company demanding user information from January 2019 to June 2019. Of these, 99 were legal requests, and the remaining eight were recognised as emergency requests by TikTok.
Moreover, the Indian government accounted for 47% of the total requests made globally to TikTok during the same period, followed by the US and Japan with 79 and 35 requests, respectively. Also, the Indian government made 11 requests to TikTok to take down content from the platform. The US government made a total of six requests for content moderation on TikTok.