The TikTok application can expose users' private data due to a vulnerability found in the "Find Friends" function. The warning came from the security company Check Point, which has previously raised questions about weaknesses in the popular app.
The social network has been gaining users, with more than 1 million active users in the UK, and aggregates a variety of data and private information. Unfortunately, since the beginning of January, the TikTok app has compromised user safety.
Private user data was exposed on TikTok
Exploiting this security vulnerability may result in personal data being shared, misused or used maliciously. At stake is information such as the phone number, profile photos, the avatar and the TikTok user name, among other data.
This data also included some account settings that determine whether a user follows other accounts or not, or whether the profile is private.
Although useful for finding new users by sharing phone contacts, the "Find Friends" function in TikTok contained a vulnerability that allowed improper access to sensitive account information.
More specifically, the security problems allowed an attacker to access other people's accounts, download videos or make them public, and extract personal information. However, ByteDance, the responsible company, was alerted.
Exploiting the TikTok vulnerability in 4 steps:
- Create a list of the devices (device IDs) that will be used to query the TikTok servers.
- Create a list of session tokens (each session token is valid for 60 days) that will be used to query the TikTok servers.
- Ignore the subscription mechanisms by HTTP message, instead using a dedicated service, run in the background.
- Chain everything, modifying HTTP requests, declining them and using various session tokens and device IDs to bypass TikTok’s protection mechanisms.
The flaw was reported to those responsible for TikTok, who have since released a patch. We advise users to update the app through the Google Play Store and App Store for Android and iOS, respectively.
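From the defender's side, the rotation of session tokens and device IDs in the steps above is what slips past limits counted per identifier. The following is an added example, not code from the article, Check Point or TikTok: it links tokens and devices that were used together and measures contact-lookup volume per linked group. The log format, identifiers and the limit are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample (not real TikTok logs): one contact-sync request per row,
# as (session_token, device_id, phone_numbers_submitted).
SAMPLE_LOG = [
    ("tok-A", "dev-1", 400), ("tok-A", "dev-2", 450),
    ("tok-B", "dev-2", 420), ("tok-B", "dev-3", 480),
    ("tok-C", "dev-3", 390), ("tok-C", "dev-1", 410),
    ("tok-X", "dev-9", 120),  # ordinary user
    ("tok-Y", "dev-8", 300),  # ordinary user, large phone book
]
CLUSTER_LIMIT = 2000  # hypothetical daily cap for one linked group


def find(parent, x):
    """Union-find root lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def per_identifier_totals(log):
    """Volume a limiter sees when it counts each token or device alone."""
    seen = defaultdict(int)
    for token, device, count in log:
        seen[token] += count
        seen[device] += count
    return dict(seen)


def flag_rotation(log, limit=CLUSTER_LIMIT):
    """Return [(sorted identifiers, total numbers)] for groups over the limit."""
    parent = {}
    for token, device, _ in log:
        # A token used from a device ties both into the same group.
        parent[find(parent, ("tok", token))] = find(parent, ("dev", device))
    totals, members = defaultdict(int), defaultdict(set)
    for token, device, count in log:
        root = find(parent, ("tok", token))
        totals[root] += count
        members[root].update((token, device))
    return sorted((sorted(members[r]), totals[r])
                  for r in totals if totals[r] > limit)


if __name__ == "__main__":
    print("largest single-identifier volume:", max(per_identifier_totals(SAMPLE_LOG).values()))
    print("flagged groups:", flag_rotation(SAMPLE_LOG))
```

In the sample, no single token or device submits more than 900 numbers, yet the three rotated tokens and three devices form one group that submits 2550.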
*The article has been translated based on the content of https://4gnews.pt/tiktok-app-expos-dados-dos-utilizadores/ by 4gnews.pt