21.4 C
New York
Wednesday, March 3, 2021

Latest Posts

Samsung Galaxy Tab S3 Wi-Fi: the full review 2020

With its Galaxy Tab S3, Samsung intends to walk on Apple's borders by competing with the iPad Pro 9.7 inches. Indeed, the two devices...

iPhone 11 is a bestseller in several markets!

As soon as Apple published the results for the second fiscal quarter of 2020, the company...

Xiaomi is conquering Western Europe. You’ve already thrown Huawei off the podium!

We had known for a long time that Xiaomi had arrived to stay in Europe, betting...

Intel Core 9th Generation: Laptop versions also reach 5GHz

The 9th generation Intel Core processors have been known since October. Then the i9-9900K became the...

TikTok: app crash exposed users’ private data

The TikTok application can expose users’ private data due to a vulnerability found in the “Find Friends” function. The alert was given by the agency Check Point, which has already been questioning the weaknesses of the popular app.

The social network has been acquiring more users – with more than 1 million active users in UK – aggregating various data and private information. Unfortunately, since the beginning of January, the TikTok app has compromised user safety.

Private user data was exposed on TikTok


Exploitation of this security vulnerability may result in the sharing and misuse or malicious use of personal data. At stake are information such as the number from phone, photos profile, the avatar, name TikTok user information, among other data.

Among these data, there were also some account definitions that determine whether a user follows other accounts or not, or whether his profile is private.

Although useful to find new users by sharing the telephone contact, the “Find Friends” function in TikTok contained a vulnerability that allowed improper access to sensitive account information.

More specifically, security problems allowed an attacker to access other people’s accounts, being able to download or make videos public, as well as extract personal information. However, ByteDance, the responsible company, was alerted.


Exploring the TikTok vulnerability in 4 steps:

  1. Create a list of the devices (device IDs) that will be used to query the TikTok servers.
  2. Create a list of session tokens (each session token is valid for 60 days) that will be used to query the TikTok servers.
  3. Ignore the subscription mechanisms by HTTP message, instead using a dedicated service, run in the background.
  4. Chain everything, modifying HTTP requests, declining them and using various session tokens and device IDs to bypass TikTok’s protection mechanisms.

The failure was reported to those responsible for TikTok who, however, have already provided a patch update. We advise users to update app through the Google Play Store and App Store for Android and iOS, respectively.

4gnews editors recommend:

*The article has been translated based on the content of https://4gnews.pt/tiktok-app-expos-dados-dos-utilizadores/ by 4gnews.pt
. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article. If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!

Latest Posts

Samsung Galaxy S21 FE: this could be the design of the smartphone

Despite the reticence on the reasons for the existence of the Samsung Galaxy S21 FE, the...

Google TV will receive news that will dispense with the physical command

One of the great new features of the new Chromecast with Google TV is the inclusion...

Apple won’t make the change that many ask for on the iPhone

IPhone users and fans have been calling for reform of the Lightning entrance for several years....

The best deals today on Amazon: robot vacuum cleaner, Xiaomi phone and more

Teckin surveillance cameras We have told you many times that security cameras are the order of the day and offers (flash) like this only show...

Don't Miss

Samsung Galaxy A72: know the specifications of your revolutionary camera

There is a strong possibility that Samsung will present the first mid-range for 2021 as early...

Microsoft – Windows 10 is already used more than Windows 7 in the US

Windows 10 is Microsoft's latest operating system, but after it launched in 2015, it still doesn't...

The best for your living room: Smart TV with OLED technology

OLED technology: what is it and why is it so expensive? Follow them OLED define the technology Ā«Organic Light-Emitting DiodeĀ», which in English means Ā«organic...

The Haunting of Bly Manor arrives in 2020 on Netflix!

The Haunting of Bly Manor is the name of season two of The Haunting of Hill...

Samsung Galaxy S30 (S21): new sensor could be present in the high-end smartphone

Samsung has just registered the name Samsung Vizion. This name will be adapted to its new...
%d bloggers like this: