Published on January 9th, 2020 📆 | 3944 Views ⚑
Reasons why TikTok was banned by US Marines and why it is dangerous to use
According to figures released by cybersecurity firms, TikTok managed to break into the Top 5 of the most downloaded apps of 2019, although user interest also attracted the attention of government agencies and researchers interested in the potential security risks in the use of this platform.
This app is under intense scrutiny for issues related to user privacy, censorship of certain types of content and a potential national security risk declared by the US Military due to its potential partnership with the Chinese government.
According to multiple reports, this video sharing app, developed by a Chinese company, presents multiple vulnerabilities that expose its users to various cybersecurity risks. Apparently, exploiting these flaws would allow hackers to remotely hijack a TikTok account; all the hacker needs to know is the victim’s phone number.
Researchers from the cybersecurity firm Check Point revealed the presence of these flaws in the app, which would allow executing malicious code remotely to perform arbitrary actions while impersonating the victims.
The vulnerabilities would allow malicious actions such as posting unauthorized content, deleting victims’ videos, or even changing a profile’s settings, switching it from public to private or vice versa.
For the attack, threat actors abuse an SMS system with little security on the official TikTok website. This system allows users to send their phone an SMS, which includes a link to download the application. Cybersecurity experts say an attacker could take advantage of this situation by sending an SMS to any phone number on TikTok’s behalf.
This message could contain a modified URL that would redirect victims to a malicious page for the purpose of injecting malware into the target device.
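The defensive counterpart to the modified-URL problem described above, as an added example that is not code from TikTok or Check Point: a server-side check that refuses any client-supplied link that is not exactly the expected download host, plus the safer design of ignoring the client's link altogether. The host `download.app.example` and all function names are hypothetical.

```javascript
// Added example: server-side check for the link placed in an
// "SMS me the download link" message. Host names are hypothetical.
const ALLOWED_HOSTS = new Set(["download.app.example"]); // assumption
const ALLOWED_SCHEMES = new Set(["https:"]);

// Returns { ok, reason } for a link supplied by the client.
function checkDownloadLink(raw) {
  if (typeof raw !== "string" || raw.length > 2048) {
    return { ok: false, reason: "not a string or too long" };
  }
  // Control characters, spaces and backslashes are parsed inconsistently by clients.
  if (/[\u0000-\u0020\\]/.test(raw)) {
    return { ok: false, reason: "control character, space or backslash" };
  }
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme not allowed" };
  }
  // "https://download.app.example@other.example/" hides the trusted name in userinfo.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo present" };
  }
  // url.port is "" for the scheme's default port, so only other ports are refused.
  if (url.port !== "") {
    return { ok: false, reason: "non-default port" };
  }
  // Exact match on the parsed host, never startsWith/endsWith/includes.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "host not allowed" };
  }
  return { ok: true, reason: "allowed" };
}

// Safer design: the SMS always carries a server-side constant; the client's
// link is only checked so that a rejected value can be logged.
function buildSmsBody(clientLink) {
  const fixed = "https://download.app.example/get"; // hypothetical constant
  const verdict = checkDownloadLink(clientLink);
  return { body: `Get the app: ${fixed}`, clientLinkRejected: !verdict.ok, reason: verdict.reason };
}
```

Logging the `reason` for rejected links gives defenders a signal that someone is probing the SMS endpoint with altered URLs.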
In combination with cross-site scripting flaws, this attack could allow hackers to run malicious JavaScript when victims interact with the link sent by hackers. This is an attack known as cross-site request forgery. The vulnerability was reported in a timely manner by Check Point, so the latest version of the app should already be corrected.
TikTok remains under scrutiny from the U.S. government, so more security issues in the app could be revealed shortly. For the time being, the International Institute of Cyber Security (IICS) recommends that users of the app update to the latest version and remain alert to any updates to these reports.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.