TikTok security flaw put hundreds of millions at hacking risk

A “high severity” security flaw in TikTok’s Android app put hundreds of millions of the popular social media app’s users at risk of having their accounts hijacked, Microsoft’s cybersecurity team said Wednesday.

The flaw would have let hackers take over a TikTok user’s account by getting them to click on a single link, the researchers said.

“Attackers may have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user merely clicked a specially crafted link,” Dimitrios Valsamaras of Microsoft’s 365 Defender research team wrote.

“Attackers may have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users.”

TikTok fixed the flaw after being notified by Microsoft, and there’s no evidence it was actually exploited by hackers, both companies said.

The iPhone version of the app was reportedly not affected.

The Chinese-owned social media app has more than 1 billion active users.

“Through our partnership with security researchers at Microsoft, we discovered and quickly fixed a vulnerability in some older versions of the Android app,” a TikTok spokesperson told The Post. “We appreciate the Microsoft researchers for their efforts to help identify potential issues so we can resolve them.”

If the flaw hadn’t been discovered, it could have affected hundreds of millions of Android users across the globe. TikTok’s app has been downloaded through the Google Play Store more than 1.5 billion times.

According to Microsoft’s report, the security team was able to create a link that gave them access to a user’s account without their password.

When a user clicked on the link as part of a test, Microsoft was able to change the user’s account to “!! SECURITY BREACH !!!”

“This case shows how the ability to coordinate research and threat intelligence sharing via expert, cross-industry collaboration is critical to successfully mitigate issues,” Valsamaras wrote. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.”
