Vulnerabilities found in TikTok: Report

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app.

In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app.

Hackers could use this flaw to change the download url and send a fraudulent SMS link containing a malicious link created by the attacker. This allowed attackers to access a user's account and to send requests on their behalf.

Attackers could use this to manipulate a user's content feed by deleting videos from their feed and uploading unauthorized videos onto their feed instead. Hackers would also have the authority to change a user's video privacy settings from hidden, or private, to public.

Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user. This includes emails, payment information or birthdates.

According to the BBC, Check Point said they informed TikTok's parent company ByteDance about the vulnerabilities in November.

TikTok says the security flaws have since been fixed in their latest app version.

RUNDOWN SHOWS:
1. Security flaws found in TikTok
2. How hackers are able to access a user's account
3. They could manipulate a user's content feed
4. Hackers could also gain access to user's sensitive information

VOICEOVER (in English):

"Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app."

"In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app."

"Hackers could use this flaw to change the download url and send a fraudulent SMS link containing a malicious link created by the attacker."

"This allowed attackers to access a user's account and to send requests on their behalf."

"Attackers could use this to manipulate a user's content feed by deleting videos from their feed and uploading unauthorized videos onto their feed instead."

"Hackers would also have the authority to change a user's video privacy settings from hidden, or private, to public."

"Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user. This includes emails, payment information or birthdates."

SOURCES: Check Point Research, CNBC, BBC News
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
https://www.cnbc.com/2020/01/09/tiktok-security-flaw-found-that-allowed-hackers-to-access-accounts.html
https://www.bbc.com/news/technology-51010408