SAN CARLOS, CALIFORNIA — Cybersecurity firm Check Point has conducted an investigation into video-sharing app TikTok and found major vulnerabilities within the app.<br /><br />In a report, researchers from the company explained that hackers could access a person's account by using a function on TikTok's website that allows users to enter their phone number, which will text them a link to download the app.<br /><br />Hackers could use this flaw to change the download url and send a fraudulent SMS link containing a malicious link created by the attacker. This allowed attackers to access a user's account and to send requests on their behalf.<br /><br />Attackers could use this to manipulate a user's content feed by deleting videos from their feed and uploading unauthorized videos onto their feed instead. Hackers would also have the authority to change a user's video privacy settings from hidden, or private, to public.<br /><br />Researchers found that attackers could also execute JavaScript code in order to retrieve sensitive information about the user. This includes emails, payment information or birthdates.<br /><br />According to the BBC, Check Point said they informed TikTok's parent company ByteDance about the vulnerabilities in November.<br /><br />TikTok says the security flaws have since been fixed in their latest app version.
