TikTok Bugs Could Have Allowed Account Takeovers
As the social media app continues to gain popularity, security researchers are taking a closer look under the hood.
The social video app TikTok has been branded a potential security threat for its ties to China—the app is owned by the Beijing-based company ByteDance—but like any piece of software it also has the potential for more immediate security concerns. Recently patched vulnerabilities in the app could have allowed an attacker to take over TikTok accounts, add or delete videos, and expose private data like user information or videos marked “hidden.”
Researchers from the security firm Check Point first disclosed the bugs to TikTok in late November, and the company patched all of them on iOS and Android by the end of December. The findings come, though, as Congress has held hearings and called for investigations in recent months over the possibility that the app poses a national security risk. And the US Army and Navy both banned the app from their devices at the end of 2019, calling it a cyber threat. All software has bugs, and a few vulnerabilities doesn’t show that TikTok is at all malicious. But the findings show that the social media app of the moment merits more scrutiny.