Researchers Find Major Security Flaws in Popular App TikTok
TikTok claims it fixed the issues within one month of learning about them.
An investigation by cybersecurity firm Check Point has uncovered major security flaws in popular video-sharing app TikTok.
The firm made TikTok aware of the vulnerabilities on November 20, the New York Times reports, and by December 15, the company had addressed them all — but the prior existence of the issues could bolster claims that TikTok may threaten America’s national security.
According to Check Point’s newly published report on the security flaws, the company’s investigators were able to access TikTok accounts and then manipulate their content, uploading new videos, deleting existing ones, and even making private videos public.
Check Point’s team was also able to send messages containing malicious links to users that looked as though they came from TikTok, as well as access users’ private account information, including their email addresses.
Check Point confirmed in its report that TikTok has addressed all the vulnerabilities its team uncovered. Luke Deshotels, the head of TikTok’s security team, meanwhile, told the NYT that there was “no indication” that anyone had exploited the security flaws while they existed.
Still, TikTok’s explosion in popularity and ties to China — parent company ByteDance is based in Beijing — meant the app was already under intense scrutiny by the U.S government.
In November, Reuters reported that a U.S. security panel had launched a national security review of ByteDance. That same month, the Army announced it was conducting a security assessment of the app and told cadets they could no longer appear in TikTok videos while in uniform.
On December 16, the Department of Defense urged employees to delete TikTok from their devices. The next day, the Navy outright banned the app, calling it a “cybersecurity threat,” and the Army followed suit with its own ban on December 30.
“It is considered a cyber threat,” Army spokesperson Robin Ochoa told Military.com at the time. “We do not allow it on government phones.”
And remember: all of these precautionary bans and warnings from U.S. government agencies took place before anyone had publicly identified any TikTok security vulnerabilities.
Now we know for sure that the app did contain exploitable security flaws — and TikTok’s assurances that it’s addressed the discovered issues seem unlikely to alleviate the American government’s concerns about the popular app.
READ MORE: Major TikTok Security Flaws Found [The New York Times]
More on TikTok: Navy Bans TikTok, Calling It a “Cybersecurity Threat”