IDF joins TikTok, despite national, international security concerns

Chinese technology companies are required to handover data to the communist government, Israeli security experts and US lawmakers have warned.

JANUARY 22, 2020 21:35

IDF Instagram story seen January 22, 2020. (photo credit: IDF) — IDF Instagram story seen January 22, 2020.

(photo credit: IDF)

Despite security concerns, the IDF announced on Twitter and in an Instagram story on Tuesday that it had now joined the Chinese social media app TikTok.

TikTok, a short-form video creation and sharing app, is available in over 150 markets worldwide and boasts over a billion users. But the app has come under increased scrutiny due to concerns that it has security flaws and weaknesses.

Recently, Israel’s Border Police banned its soldiers from using the Chinese-produced app, citing security and privacy concerns – joining a chorus of high-profile voices including the US Department of Defense, which also warned its staff not to use the app.

Israel-based Checkpoint Research released a report in December saying that, among other vulnerabilities, unauthorized videos could be uploaded, content on the app could be manipulated and sensitive data such as “hidden” videos and private email addresses could be released. These vulnerabilities have since been patched.

“The US Navy and Military both banned their soldiers from using it [TikTok]. They did so before we published on the vulnerabilities that we saw,” Gil Messing from Checkpoint Research told The Jerusalem Post. “It’s important to stress it’s not in the areas of privacy… or extraction of data, but more so in the fact that it was very easy to breach [the app].”

Security concerns remain however. In an October 23 letter written by US senators Chuck Schumer (D-New York) and Tom Cotton (R-Arkansas) urging the acting director of National Intelligence to look into TikTok, concerns were voiced over the app's ability to use artificial intelligence to “’learn’ each user's interests and preferences through repeat interaction.”

TikTok, owned by Beijing-based technology company ByteDance, has the ability to collect user data similar to that of other social networks. The difference, the senators pointed out, is that “ByteDance is still required to adhere to the laws of China,” and “China's vague patchwork of intelligence,” which “compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.”

Tik TokTikTokTikTok BOOMThe IDF is officially on @TikTok_usFollow us: https://t.co/WbZIunthw2 pic.twitter.com/fO0ZbnE72U
— Israel Defense Forces (@IDF) January 21, 2020

“It’s very common” for social media apps to collect data, Messing confirmed to the Post. “But I can tell you this: When we managed to find the vulnerabilities in the system and see the information that TikTok has asked the users to upload, there was a lot of information that’s not really necessary. Credit cards for example – why do they need a credit card?”

“They even had home addresses,” he said.

Messing said that TikTok claimed to be only using basic data. “The only tabs that people [users] are using are basically email addresses, full names and birthdays."

In a statement to the Post, the IDF said: "At this stage, the IDF does not prevent use of the app. The Information Security Department operates on a variety of levels to increase soldier’s awareness of threats to upload private, personal or classified information to social networks."

Dr. Harel Menashri, head of cyber at Holon Institute of Technology (HIT) and one of the founders of the Shin Bet’s (Israel Security Agency), cyber division told the Post that, “By law, every company in China has a partnership with the government. And the Chinese government doesn’t just want taxes – they also want to be able to communicate with computer systems.

“We found more and more systems and software from China that have back doors, and many of them automatically send data to Chinese servers. From the very beginning we found this app suspicious, Menashri said.

“I can’t comment on the security aspect, however using the platform does allow them [the IDF to] communicate a more human aspect of the Israeli army. And I don’t see how that’s a bad thing, given that there’s a lot of negative press about what the army does,” Emily Schrader co-founder of the digital marketing firm Social Lite Creative told the Post.

“It’s easy to lose sight of that in the international arena. The people who are serving in the army are often teenagers, and you aren’t necessarily aware of that in the United States and other countries that don’t have a draft,” she said.

However, “they do take every precaution when it comes to what photos are used and when they’re released,” Schrader added.

Menashri said that, “sometimes, the right hand doesn’t know what the left hand is doing. As we can see in many cases here in Israel sometimes, we are thinking we are wise when that is not the case. Look at what happened at the Hatzor Airbase a few weeks ago,” referring to the Israeli Air Force jets which were flooded in underground hangars.

“Sometimes they are too ignorant to make the right decision; sometimes people make mistakes,” he lamented.

“Don’t use TikTok,” Menashri recommended to IDF soldiers. “If the spokesperson’s unit wants to use it… it’s a problem – but if they decide it’s very important to use it, they have to do it very carefully,” he stressed.

"They should use the app in a completely isolated environment; don’t use it like a regular app. After they make their movies, they should transfer them to a special laboratory that’s a completely isolated environment… away from other computers.”

“Think very carefully before you use it,” he concluded.

In a later statement the IDF said: "TikTok is a platform that appeals to the young pre-draft audience. The IDF's TikTok account is operated and managed by the IDF Spokesperson's Unit. All content that is uploaded is previously approved by information security and commanders and uploaded from a device intended for that purpose."