SAN CARLOS, CALIFORNIA — Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app.
In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app.
Hackers could use this flaw to change the download URL and send a fraudulent SMS message containing a malicious link created by the attacker. This allowed attackers to access a user's account and to send requests on their behalf.
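A server-side check against this class of flaw, as an added example that is not taken from Check Point's report or TikTok's code: the backend refuses to text any link that is not an https URL on an exact allowlisted host. The host names and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this service may text to users (hypothetical names).
ALLOWED_HOSTS = frozenset({"download.example.com", "m.example.com"})
FORBIDDEN_CHARS = set("\r\n\t\\ ")  # characters URL parsers disagree about


def is_safe_download_url(url):
    """Return True only for an https link to an allowlisted host."""
    if not isinstance(url, str) or FORBIDDEN_CHARS & set(url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # Links of the form trusted-name@other-host carry the trusted name as userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match: a suffix or substring test would accept look-alike hosts.
    return parts.hostname in ALLOWED_HOSTS


def build_sms_body(requested_url):
    """Compose the SMS text, rejecting any link that fails validation."""
    if not is_safe_download_url(requested_url):
        raise ValueError("download link rejected")
    return "Get the app: " + requested_url


# Constructed sample inputs, not taken from the report.
SAMPLES = [
    "https://download.example.com/app?ref=sms",
    "https://download.example.com.evil.test/app",
    "https://download.example.com@evil.test/app",
    "http://download.example.com/app",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", is_safe_download_url(sample))
```

The stronger design is for the server to build the link itself and ignore any URL supplied in the request; the validation above applies where the parameter cannot be removed.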
Attackers could use this to manipulate a user's content feed by deleting the user's videos and uploading unauthorized videos in their place. Hackers would also be able to change a user's video privacy settings from hidden, or private, to public.
Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user. This includes emails, payment information or birthdates.
According to the BBC, Check Point said they informed TikTok's parent company ByteDance about the vulnerabilities in November.
TikTok says the security flaws have since been fixed in their latest app version.