Security News
A coalition of consumer groups filed a complaint Thursday with US regulators claiming the popular video app TikTok has failed to live up to an agreement last year limiting data collection from children. The 20 organizations said in a Federal Trade Commission complaint that TikTok continues to collect data on children under 13 without parental consent despite a February 2019 US court settlement.
The complaint alleged that TikTok violated a previous agreement with the FTC, in which it had vowed to remove all videos previously uploaded by children under the age of 13 and make stronger efforts to request parental consent when collecting children's personal data. TikTok's previous agreement came after it was slapped with a $5.7 million FTC fine for violating the Children's Online Privacy Protection Act, which sets privacy rules for operators of websites or online services directed to children under 13 years of age.
On Friday, the Dutch Data Protection Authority announced that it has launched an investigation into how TikTok handles user privacy. The rise of TikTok has led to growing concerns about privacy.
More-popular-than-ever "Youngster" app TikTok has just announced a feature called Family Pairing. ICYMI, TikTok - which bills itself as TikTok, Make Your Day - is a video sharing service that lets you post and share fun videos up to 60 seconds long.
A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.
Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos". We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.
As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.
Sen. Josh Hawley and Sen. Rick Scott this week introduced a bill aimed at banning the use of the China-made TikTok application on government devices. Referred to as the "No TikTok on Government Devices Act," the new legislation would prevent government employees, diplomats, and politicians from downloading or using TikTok or other applications from the same developer on their government-issued phones.
TikTok, the controversial and wildly popular social video app maker, announced on Thursday that Roland Cloutier will join the company as Chief Information Security Officer. Cloutier joins TikTok from ADP where he served as SVP and Chief Security Officer, overseeing the company's cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.