checkAd

     160  0 Kommentare Check Point Research Reveals Multiple Vulnerabilities in TikTok

    Personal information such as private addresses and email addresses were vulnerable to exposure in one of the world’s most trending apps

    SAN CARLOS, Calif., Jan. 08, 2020 (GLOBE NEWSWIRE) -- Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, revealed today that it uncovered multiple vulnerabilities in TikTok that could have allowed attacks to manipulate content on user accounts and even extract confidential personal information saved on these accounts.

    TikTok is used mainly by teenagers and kids that use this app to share, save and keep private (and sometimes very sensitive) videos of themselves and their loved ones. The research found that an attacker could send a spoofed SMS message to a user containing a malicious link. When the user clicked on the malicious link, the attacker was able to get a hold of the TikTok account and manipulate its content by deleting videos, uploading unauthorized videos, and making private or "hidden" videos public.

    The research also found that Tiktok's subdomain https://ads.tiktok.com was vulnerable to XSS attacks, a type of attack in which malicious scripts are injected into otherwise benign and trusted websites. Check Point researchers leveraged this vulnerability to retrieve personal information saved on user accounts including private email addresses and birthdates.

    Check Point Research informed TikTok developers of the vulnerabilities exposed in this research and a fix was responsibly deployed to ensure its users can safely continue using the TikTok app.

    “Data is pervasive but data breaches are becoming an epidemic, and our latest research shows that the most popular apps are still at risk,” said Oded Vanunu, Check Point’s Head of Product Vulnerability Research. “Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate. Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using.”

    Seite 1 von 3


    globenewswire
    0 Follower
    Autor folgen

    Verfasst von globenewswire
    Check Point Research Reveals Multiple Vulnerabilities in TikTok Personal information such as private addresses and email addresses were vulnerable to exposure in one of the world’s most trending appsSAN CARLOS, Calif., Jan. 08, 2020 (GLOBE NEWSWIRE) - Check Point Research, the Threat Intelligence arm of Check …

    Schreibe Deinen Kommentar

    Disclaimer