A critical Flaw is discovered that lets hackers access the largest social app “TikTok” through a text. A flaw discovered by a blog post by Checkpoint security researchers and further evaluated by bleepingcomputer.com, suggest that all profiles were up for grabs by sending a text.
A detailed analysis of the flaw deduced that an individual was able to take over the account credential without the user ever finding out.
The spokesperson from TikTok suggested that there was no data breach but in truth, if there was no data breach how was the vulnerability discovered?.
Following a review of customer support records, we can confirm that we have not seen any patterns that would indicate an attack or breach occurred. Luke Deshotels from TikTok security team
Still to this date the platform has more flaws than the Iraq Intelligence community such as text spoofing, open redirection, and scripting.
As previously reported this flaw was discovered by a third party and not by the company security teams and it was fixed in December. TikTok has advised users to update the app immediately.
Using TikTok’s site, hackers send users a message to download the app. With malicious lines through manipulated javascript code, hackers can control a user’s profile when the link is clicked.
Tik Tok: What Parents Need to Know
The app has a quarter of a billion users as of November 2019.