TikTok patches app after security researchers expose massive vulnerabilities

Check Point Research found that the application had "multiple" security bugs.

TikTok can't catch a break. The Chinese-owned short video application is already under scrutiny for raising national security risks in various countries. Now, according to Check Point Research, TikTok has some of its own security issues to deal with. The team’s investigation uncovered multiple vulnerabilities that could easily be exploited by bad actors.

Content manipulation and more — According to Check Point Research, hackers could assume the authority of individual and private TikTok accounts. By doing so, they would have carte blanche to delete original videos and upload their own clips. They could also change the status of hidden videos to public.

In addition to uploading unauthorized content, hackers could also publish personal information of TikTok users, like their email addresses.

Pretend you’re TikTok — In one of the more troublesome findings, hackers could send SMS messages to anybody on behalf of TikTok itself. How this could lead to dangerous scenarios is pretty obvious. Bad actors could, for example, pretend to be TikTok, instruct users to download a particular link under the guise of an update and have people expose themselves to malicious software.

JavaScript code execution — A researcher was also able to execute JavaScript code on an individual account without the owner’s permission. Additionally, TikTok’s landing page for brand promotion and advertisement turned out to be vulnerable to XSS attacks that can expose users to malicious software. It looked like one problem after another.

What TikTok says — The company doesn’t seem too worried. “Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app,” a TikTok spokesperson told the BBC. “We hope that this successful resolution will encourage further collaboration with security researchers.”