https://www.forbes.com/sites/zakdoffman/2020/01/08/tiktok-confirms-severe-sms-security-threat-critical-new-fix-for-billion-user-app/#141cbfe848be
https://archive.md/VyC4a
TikTok is China’s world-beating viral sensation—it is a genuine competitor to leading social media platforms like Instagram and Snapchat and kids around the world can’t get enough.
But TikTok’s lightning success has taken the “grown-ups” by surprise. Last year we saw multiple warnings and an FTC fine over the risks of child data privacy and endangerment, U.S. lawmakers called for a national security inquiry and the military banned its use, citing its “cybersecurity threat.”
In their new report, researchers at the cybersecurity firm Check Point have published details of multiple vulnerabilities found in TikTok’s architecture, in how it manages its communications with its more than one billion users across 150 countries.
The issues were disclosed and fixed, but they were serious and that should not be overlooked. The irony for TikTok is that this has nothing to do with its Chinese origins and everything to do with its global popularity. The technical specifics are less important than the sheer number of devices on which it is installed.
(two seventy six [276] also sums to 76)
Central to Check Point’s findings was a gaping security hole that would enable a malicious actor to communicate with any TikTok user by spoofing an SMS message that would seem to come from the platform.
By manipulating an option for a user to SMS themselves a link to the app, an attacker could send a different link to a different user.
That exploit opened up risks on the TikTok platform—data access, becoming a user’s follower without their permission, publishing private images, but it also allowed a malicious link to be sent to a TikTok user that would trigger an unrelated attack.
Just imagine how many, in the millions, have submitted data utilizing this TikTok app.