Many security flaws affect Internet services, and many are difficult to find and remove.
Check Point Research found a number of security flaws on TikTok and on its website, allowing an attacker to check someone else’s account, delete his videos, upload unauthorized videos, make private materials public, and disclose a user’s personal information, including private address and e-mail.
As TikTok is one of the most popular apps, that would be bad enough. But most worrying, is the large amount of security flaws found during this research.
In one of these flaws, bad actors were allowed to send SMS on behalf of TikTok.
“Please update the system immediately” was one of the received SMS, while the link contained in it was sending a malicious application.
There were other drawbacks, some of which required concrete amounts of technical knowledge to fix, but looking at the security level at TikTok is generally a bit strange.
Last year, TikTok has been in the spotlight, as the company that owns it has been collecting data from young users.
US military forces are banned from using the app, and TikTok has also violated many European laws.