Primary Menu

Fly Ty

Morning Producer 6:00AM-10:00AM

Flaw in TikTok app let hackers control accounts with a text message, they can also add or delete videos and to extract personal information.

China’s popular video sharing app TikTok had “multiple” security vulnerabilities, according to a new report.

Cybersecurity firm Check Point said it found flaws that could allow hackers to take control of TikTok accounts and manipulate the content, upload and delete videos and reveal personal information such as a private email address.

It comes amid heightened scrutiny of the Chinese-owned platform. The findings will add fuel to arguments, particularly from U.S. politicians, that TikTok — owned by Chinese company ByteDance
The cybersecurity firm found that it’s possible to send a standard text message to any phone number on behalf of TikTok. On the app’s own site, there is a function that lets users send a text message to themselves so they can download the app.

But attackers could create a fake text message that appeared to be from TikTok, but actually contained a malicious link. Once users clicked on the link, hackers could take control of the account.

There was also a vulnerability in a TikTok web domain which allowed attackers to insert a malicious code. This was used to retrieve personal information of users.

Check Point said it disclosed the findings to TikTok and they have been patched.