#hacking | Web security holes left TikTok users wide open to pwnage


Caught on camera

Multiple security vulnerabilities have been uncovered in popular video sharing app TikTok.

Researchers at Check Point have gone public with flaws that made it possible to hack a TikTok account by sending an SMS message, among other exploits.

After a user clicked on a malicious link in a spoofed text message, an attacker would have been able to gain access to their TikTok account.

Such compromised access gave attackers a way to delete videos from or add videos to accounts, make hidden videos public, or steal personal information such as private email addresses.

All this was possible because TikTok’s web infrastructure made it possible to redirect a targeted user to a malicious website that looked like the Chinese developer’s homepage.

This security shortcoming could be combined with cross-site scripting (XSS), cross-site request forgery (CSRF), and other exploits to effectively hijack accounts, as explained in a blog post by Check Point.

The researchers only went public with their findings after first disclosing the flaws to TikTok and allowing developers to put together and release appropriate security patches.

TikTok is mainly used by teenagers to create and share short music clips or looping videos.

The US Navy and Army both recently banned use of the app due to security concerns.

Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, said that developers of apps targeting or popular with teens have a particular social responsibility to protect their install base from threats designed to harvest their data or scam them.
