TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos

2020-01-08 18:01

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers.

If the user clicked that malicious link, the attacker could access the user's TikTok account and, so Check Point said, manipulate its content by deleting videos, uploading new videos and making private or "Hidden" videos public.

The vuln was in how TikTok validated newly signed-up mobile phone numbers.

When a new user signs up for TikTok, the app sends them an SMS. Check Point found out that a hacker can manipulate and send text messages to any phone number, appearing to come from TikTok.

Luke Deshotels, a TikTok security staffer, said in a canned statement: "TikTok is committed to protecting user data. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/08/tiktok_vulns_/

#socialmedia #tiktok #hacking #videos