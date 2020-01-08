The Jerusalem Post - Israel News Arab Israeli Conflict Israel News Opinion Middle East Diaspora U.S. Politics WORLD NEWS
Israel Elections Gaza News BDS Antisemitism OMG Health & Science Business & Tech Premium Green Israel
Jerusalem Post Israel News

Israeli cyber experts reveal serious security flaws in TikTok

Dr. Luke Deshotels, a security engineer at TikTok, said the company is committed to protecting user data,

By EYTAN HALON  
JANUARY 8, 2020 11:47
Tik Tok logos are seen on smartphones in front of displayed ByteDance logo in this illustration (photo credit: REUTERS)
Tik Tok logos are seen on smartphones in front of displayed ByteDance logo in this illustration
(photo credit: REUTERS)
Multiple vulnerabilities in viral video-sharing application TikTok could enable the exposure of confidential person information and content manipulation, Israeli cybersecurity experts have revealed.
Researchers at Check Point Software Technologies found flaws in the Chinese-developed app, hugely popular among children worldwide, enabling hackers to manipulate user accounts and extract information including dates of birth and private email addresses.
Attackers could send a spoofed SMS message to a user containing a malicious link, researchers said. Once a user clicked on the link, the attacker was able to control their TikTok account and manipulate their content. Attackers were able to delete and upload videos, and also make private or "hidden" videos public, in some cases exposing very sensitive images.
TikTok's marketing website, TikTok Ads, was also found to be vulnerable to cross-site scripting (XSS) attacks, in which malicious scripts are injected into trusted websites. Check Point researchers exploited the vulnerability to retrieve personal information from user accounts, including email addresses and birthdates.
Developed by Beijing-based ByteDance, TikTok has reportedly exceeded 1.5 billion downloads, according to app analysis firm Sensor Tower. In the United States, TikTok was the third most-downloaded app in 2019 after Facebook and Instagram.
"Data is pervasive but data breaches are becoming an epidemic, and our latest research shows that the most popular apps are still at risk," said Oded Vanunu, Check Point’s Head of Product Vulnerability Research.
"Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using."
Check Point informed developers at TikTok of the vulnerabilities, and an update has since been deployed by the Beijing company to fix the flaw.
Dr. Luke Deshotels, a security engineer at TikTok, said the company is committed to protecting user data.
"Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us," said Deshotels. "Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
Following guidance from the Pentagon, the United States Army joined the Navy in banning the use of Tiktok on government-issued smart devices in late December over national security concerns.
The US government launched a national security review of TikTok-developer ByteDance Technology in November, following its $1 billion acquisition of American lip-syncing application Musical.ly in 2017, Reuters reported.


Tags Israel cyber security israel cyber security TikTok
Subscribe for our daily newsletter
Subscribe for our daily newsletter

By subscribing I accept the terms of use

Hot Opinion

Jpost editorial logo Recant, Chief Rabbi By JPOST EDITORIAL
Gil Troy Center Field: Leaders’ credibility chasms By GIL TROY
Say 'no' to antisemitism By LIAT COLLINS
Gershon Baskin Encountering Peace: The next disruptive technology By GERSHON BASKIN
Shmuley Boteach Killing Soleimani was a moral response By SHMULEY BOTEACH

Most Read

1 US assassinates Qasem Soleimani, Iran slams 'cowardly US bombing'
Qasem Soleimani, commander of IRGC Quds Force
2 Soleimani was a monster, wanted atomic cloud over Tel Aviv - German newspaper
Major General Qasem Soleimani (April 2016)
3 The Ottomans are back - what does that mean for Israel?
The Ottomans are back
4 Soleimani's luck couldn't last; this time he met his end (obit-analysis)
Iranian Revolutionary Guard Commander Qassem Soleimani (left) stands on the frontlines during an offensive operation against Islamic State in the town of Tal Ksaiba, in Iraq, in 2015
5 How will Iran retaliate for the assassination of Qasem Soleimani?
Iranian Major-General Qassem Soleimani (L) and Abu Mahdi al-Muhandis, the deputy commander of Iran-backed militias, 2017.
Information
About Us
Feedback
Staff E-mails
Advertise with Us
Statistics
Ad Specs
Terms Of Service
Privacy Policy
Subscriber Agreement
JPost Jobs
Cancel Subscription
RSS feed
The Jerusalem Post Group
Breaking News
Middle East
World News
NYC Conference
Diplomatic Conference
JPost Elections Conference
IvritTalk- Free trial lesson
The Jerusalem Report
Green Israel
Jerusalem Post Lite
March of the living
Tools and services
JPost Mobile Apps
JPost Premium
Ulpan Online
JPost Newsletter
JPost News Ticker
Our Magazines
Learn Hebrew
JPost RSS feeds
JPost.com Archive
JPost Alert
Digital Library
Special Content
Promo Content
Promo Content
Himalayan Salt Lamps
Undercounter Ice Makers
Commercial Carpet Cleaners
Commercial Paper Shredders
Cash Counting Machines
Commercial Zero Turn Mowers
Guru Mortgage
Senior Discounts
Sites Of Interest
The Jerusalem Post Conferences
Conference production services
Jerusalem Hotels
KKL-JNF
Poalim Online
Jewish Broadcasting Service
Personas Media
The Jerusalem Post Customer Service Center can be contacted with any questions or requests: Telephone: *2421 * Extension 4 Jerusalem Post or 03-7619056 Fax: 03-5613699 E-mail: subs@jpost.com The center is staffed and provides answers on Sundays through Thursdays between 07:00 and 14:00 and Fridays only handles distribution requests between 7:00 and  13:00 For international customers: The center is staffed and provides answers on Sundays through Thursdays between 7AM and 6PM  Toll Free number in Israel only 1-800-574-574  Telephone +972-3-761-9056 Fax: 972-3-561-3699 E-mail: subs@jpost.com
Copyright © 2020 Jpost Inc. All rights reserved • Terms of Use • Privacy Policy Designed by