TikTok, One of the most popular apps among teens, is in news again but this time it is not about privacy but security. The famous video-sharing app has potentially dangerous vulnerabilities that let attackers highjack any TikTok account just by knowing the mobile phone number of the targeted victims.
Researchers from Check Point, a cybersecurity company in Israel, published a reported and video showing how to highjack the TikTok account by just knowing the phone number. By exploiting these vulnerabilities, an attacker can upload new videos, delete videos, and even access private videos.
Researchers demonstrated how one can use TikTok’s website to send a message with a malicious link to TikTok users. Once the user clicks on the link attacker will gain access to the user’s account.
They also found XSS vulnerability in Tiktok’s subdomain https://ads.tiktok.com. XSS allows attackers to inject malicious scripts to hijack cookies or redirect legitimate users to fake websites.
In a separate flaw, Check Point researchers demonstrated how they can retrieve personal information from TikTok user accounts through the TikTok website.
Check Point’s research team shared the details with TikTok on Nov. 20 and vulnerabilities had been fixed by Dec. 15.
If you are still using the older version of the TikTok app, you should update it now to be on the safer side.
