An Israeli cybersecurity company discovered a glaring vulnerability in the popular social media app TikTok that could have produced disastrous results. While TikTok has patched the glitch out of its software, concerns and skepticism remain regarding the controversial company.
Tel Aviv-based cybersecurity firm Check Point (NASDAQ: CHKP) found the flaws in the popular social media app and discovered that key security vulnerabilities could have potentially allowed hackers into users' accounts, allowing for the manipulation of submitted videos, as well as access to personal information. Other vulnerabilities were found on TikTok's website: users can send text messages with download links to themselves through the app's website, and hackers could have taken advantage of this to send users malware.
Check Point notified TikTok of the vulnerabilities in November, and the app's security team worked throughout the next few weeks before finally patching out the vulnerabilities in December. The vulnerabilities were numerous, and many were far-reaching; all of them are documented in Check Point's blog post regarding their investigation. The news of the vulnerabilities didn't seem to surprise many cybersecurity experts. "I would expect these types of vulnerabilities in a company like TikTok, which is probably more focused on tremendous growth, and on building new features for their users, rather than security," said research head Chris Hebeisen of the cybersecurity firm Lookout.
"Data is pervasive, and our latest research shows that the most popular apps are still at risk," Oded Vanunu, a research head at Check Point, commented. "Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface. Malicious actors are spending large amounts of money and time to try and penetrate these hugely popular applications -- yet most users are under the assumption that they are protected by the app they are using."
Social media apps, and tech companies in general, have been under increasing scrutiny from governmental authorities worldwide as of late due to privacy concerns. In the United States, TikTok is being scrutinized more closely than others. Members of Congress have voiced concern over the app because its owner, ByteDance, is a Chinese firm, and the fact that TikTok's Chinese app, Douyin, is heavily censored by the Chinese Government doesn't help ByteDance's case with Congress. Concerns of private data being shared with the Chinese Government have been addressed by ByteDance, but the recent security breach will likely stoke Congress' ambitions to investigate the company more closely.