Security alert: Wildly popular video app leaves users vulnerable to hackers

By Kim Komando

January 10, 2020

© Bigtunaonline | Dreamstime.com

Regardless of your age or interests, there’s something on social media for everyone. If you’re big on friends and don’t care about privacy, Facebook is the place to be. If you take lots of photos and like jealousy, Instagram is the way to go. And if you love being yelled at by strangers, you can’t go wrong with Twitter.

Jokes aside, there are good and bad aspects to every social network out there. And none illustrate this duality better than the newest hit platform: TikTok. It’s a great place to express yourself and have fun on video, but it’s a potential playground for predators and creeps. Tap or click to learn if your kids are safe on TikTok.

To complicate things further, this popular app earned another bit of controversy — this time for leaving users open to hackers and data thieves. Thanks to some deep glitches in the app’s coding, hackers can exploit it and creep on users. If you or your kids use TikTok, you’ll want to update the app as soon as possible.

Technical tit-for-tat on TikTok

Security analysts at CheckPoint Research have posted an article outlining vulnerabilities they discovered in the popular app TikTok. The teams discovered several flaws in the program that, when exploited, would allow a hacker to compromise accounts, steal private data and post on the victim’s behalf.

The flaw is contained in the app’s text message functionality, which can be accessed via TikTok’s official website. In theory, users can use this feature to send download links for the app. Unfortunately, these SMS requests can be captured and altered by hackers to include malicious links.

If the malicious link is included in a download, it can totally crack the app open and allow hackers to wreak havoc.

Following this discovery, Checkpoint Research informed TikTok the company had a zero-day bug on its hands. Recent editions of the app have seen the flaw completely removed.

This is a serious bug! Why are we just finding out about it now?

This is common procedure for most zero-day bugs. Companies generally keep this information hidden to prevent any aspiring hackers from catching wind of the exploit. Plus, it gives security researchers the confidence to speak out about their discoveries, as they know they’ll be properly credited for their work.

For a perfect example of this process in action, tap or click here to see how Google helped Apple stamp out a zero-day bug.

If my family has TikTok on our devices, are we safe?

This depends on which version of the app you have installed. The latest editions of the software have been patched to remove the exploit — so if you aren’t caught up with your updates, your account may be at risk.

To update your apps, visit either the iOS App store or Google Play store on your phone, and search for TikTok. If you see the option to download the program, tap it to update. If you’re up to date, the listing should read “Installed.”

Of course, just having the latest version of TikTok doesn’t make the platform totally safe. Tons of scams and shady users still flood the platform — even when kids are around. Tap or click here to learn how dating scams are infiltrating TikTok.

Tags: Apple, creeps, Facebook, Google, Google Play, hackers, Instagram, predators, scams, security, social media, TikTok, updates, vulnerabilities, X (Twitter)