Sri Lanka Consulatela

TikTok, new flaw discovered

Check Point experts warn: “Risk of identity theft and sensitive data of millions of users”

A new vulnerability in TikTok has been discovered that would allow access to sensitive user data, including the theft of identities and phone numbers. Check Point Research, the Threat Intelligence division of Check Point® Software Technologies, announced that it has identified a new vulnerability in the Chinese app designed by Zhang Yiming, after it had already discovered another one between 2019 and 2020.

According to reports from the global cybersecurity solutions player, the new flaw, “found in TikTok’s ‘Find Friends’ function, would allow you to bypass the privacy protections created to defend the app’s users”. “If left unpatched,” the Check Point researchers explain, “the vulnerability would allow a hacker to access a user’s profile details and even the phone number associated with his account, giving the possibility to build a database to use for illegal activities”.

Experts warn that the profile details accessible through this flaw include the phone number, nickname, profile and avatar pictures, unique user IDs and some profile settings, such as the one that allows a user to be a public or anonymous follower.

Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research, explained that “our logic this time around was to test TikTok’s privacy. We were curious if the platform could be used by hackers to obtain private user data, and the answer is yes, as we were able to bypass more of TikTok’s defense mechanisms.” Vanunu commented that “this vulnerability could have allowed an attacker to build a detailed database of users who, with that degree of sensitive information, would have allowed the attacker to carry out a series of criminal activities such as spear phishing”. “Our advice to TikTok users, and not only, is to share their personal data only when strictly necessary and above all to always update the operating system and applications to the latest versions,” suggested the Check Point manager.

TikTok said, “The security and privacy of the TikTok community is our top priority, and we appreciate the work of trusted partners like Check Point in identifying potential problems so they can be resolved before they affect users. We continue to strengthen our defenses, both by constantly updating our internal capabilities, such as investing in automation defenses, and by working with third parties”.