Home » » TikTok has some worrying security flaws that could leave your activity open to anyone

TikTok has some worrying security flaws that could leave your activity open to anyone

No comments

Cybersecurity researchers from Imperva have uncovered a flaw in the popular social media app TikTok which could have allowed threat actors to exfiltrate sensitive data from victim devices to be used in identity theft attacks, phishing, or for blackmail.

The vulnerability, which has since been fixed, was found in the way the app handled incoming messages. Explaining the method, the researchers said the attackers could send a malicious message to the TikTok web application through the PostMessage API, which would glide past any security measures. 

The message event handler would then process the message and deem it secure, granting the attacker access to the valuable information.

User account details

By exploiting the vulnerability, the attackers could gain access to a treasure trove of valuable data, such as user device data (device type, operating system, browser used, etc.), videos viewed (what videos the victim viewed), the time spent on each video, user account data (usernames, videos, other account details), search queries (what the user searched for on the platform).

Even without the vulnerabilities, TikTok is a controversial app, to put it mildly. It was built by a Chinese company called ByteDance, and has more than 1.5 billion users (more than 150 million in the U.S. alone). 

Recently, the US government started scrutinizing and banning Chinese companies, claiming their government has a tight grip on them and could force them to allow for unauthorized backdoor access at any point.

Read more

> RESTRICT Act introduced in US Senate to fast-track TikTok ban

 > TikTok officially banned from US government smartphones

 > These are the best endpoint protection tools right now

Huawei was banned from developing the 5G infrastructure in the States, for that very reason. As for TikTok, the U.S. government first forced the company to store all of the data in the country, and then recently told its employees to remove the app from government-issued devices, citing matters of national security. 

TikTok, much like many other Chinese companies, is denying any involvement in any wrongdoing. 



from TechRadar - All the latest technology news https://ift.tt/m3u9gjw
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us