TikToking all the way to your data

Since its introduction two years ago, the short-video app TikTok has surpassed two billion downloads and continues to enjoy immense popularity. Unfortunately, in recent months the app has been in the news over privacy concerns.

Back in January 2020, Check Point Research reported security concerns around the app. In this report, our teams discovered multiple vulnerabilities within the TikTok application, which allowed attackers to carry out the following:

  • Get hold of TikTok accounts and manipulate their content
  • Delete videos
  • Upload unauthorized videos
  • Make private “hidden” videos public
  • Reveal personal information saved on the account such as private email addresses

Check Point Research informed TikTok developers about the vulnerabilities, and a solution was responsibly deployed to ensure its users can continue using TikTok safely.

But Check Point Research isn’t the only organization that has raised concerns about TikTok. Various well-known corporations have announced that they are banning the app for their workforce. Wells Fargo announced it was doing so right after Amazon backed off from a similar ban.

Furthermore, in the past several weeks, as relations between the US and China reached a new low, TikTok returned to the spotlight as a target for the Trump administration, with warnings from White House officials that the US is considering banning the app. Interestingly enough, in parallel, it has been reported that Microsoft is in talks to buy the app and is willing to spend billions of dollars to do so.

Regardless, it seems that the dots are constantly connected, bringing the debate back to the same privacy concerns. This raises the question as to whether the information stored by users on the app is secure enough. Even an anonymous hacker recently stated: “Delete this Chinese spyware now”.

This week, on Wednesday, August 5 at 12.50pm PT at Black Hat’s application security track, Roman Zaikin, Security Researcher, and Oded Vanunu, Head of Products Vulnerability Research, will share for the first time behind-the-scenes stories and details of how chaining multiple vulnerabilities could allow hackers to take full control over TikTok and its users, and how a mix of web and mobile vulnerabilities together in one exploit chain enables this. We look forward to you joining us at this session!