With more than 1.5 billion registered users worldwide and more than 700 million monthly active users, TikTok’s large user base has naturally become a target for hacking attacks. According to the latest warning issued by security firm Check Point, some versions of TikTok are highly vulnerable to attacks in a variety of ways, potentially damaging and stealing personal information stored on mobile phones.
Check Point says there are multiple vulnerabilities in the popular short video app that makes it relatively easy for an attacker to take control of your account, upload or delete videos, and even expose videos that users are set to hide. The vulnerabilities were discovered last November, and both Android and iOS’s TikTok were affected, but have been fixed in the latest version.
One of the vulnerabilities is that TikTok allows users to accept download links through SMS information, which can be requested via the official website. But the mechanism wasn’t perfect, as researchers found a way to manipulate text and modify links in SMS messages to send special commands to the app if installed on your phone. In addition, they can use this vulnerability to send messages to any phone number, not just the phone number used to register a TikTok account.
Check Point said byteDance quickly made changes to fix the vulnerabilities in a new version released in December after it was reported to the TikTok security issue in November.