- TikTok; Paige Leskin/Business Insider
- TikTok is one of the most popular social networks in the world with over 1.5 billion downloads, but it’s also raised cybersecurity and privacy concerns due to its ties to China.
- Cybersecurity research firm Check Point recently discovered multiple security flaws within the app that made it possible for hackers to access users’ accounts, post videos, and view people’s personal information and sensitive data.
- There is no evidence the vulnerabilities were exploited by hackers.
- The research firm said the vulnerabilities were fixed after it contacted TikTok. However, the report draws into question who else can access and alter people’s private videos and information.
- Visit Business Insider’s homepage for more stories.
Security flaws have been discovered inside the viral teen-beloved social network, TikTok, that could have allowed hackers to access users’ personal information and make changes to their content.
The vulnerabilities – which have since been reported to TikTok and fixed – made it possible for hackers to send text messages to users seemingly coming from TikTok that contained malicious links. Those links could then give third parties access to TikTok accounts, where they could upload their own videos, manipulate and alter existing content, and obtain personal information. Importantly, there is no evidence hackers actually exploited the vulnerabilities.
Israeli cybersecurity firm Check Point first reported their security findings to TikTok on November 20, 2019, and the platform fixed all the flaws by December 19, The New York Times reports.
“As some have experienced, there is often a fine line between fun clips [and] private, even intimate assets being compromised while trusting to be under the protection from the apps we use,” Check Point wrote in its findings.
Check Point was able to gain access to personal data connected to users’ TikTok accounts, such as their real names, birth dates, and email addresses.
TikTok’s meteoric rise has been well-documented. The app, a place for making and sharing short viral videos, has more than 1.5 billion downloads worldwide, and is outperforming popular social competitors like Instagram and Snapchat. It’s been the launchpad for internet comedy and memes, and has become one of the go-to apps for the teens of Generation Z.
However, TikTok’s popularity in the US has come with major concerns over the risks it poses to cybersecurity and user privacy. TikTok has become an oft-discussed subject among those in the US government, amid a national security investigation and questions about the relationship between the platform and its China-based parent company, ByteDance. Most recently, the US army banned soldiers from using TikTok on government-issued phones and devices.
TikTok has consistently defended itself by asserting that none of its moderators are based in China, and that no “foreign government” asks the platform to censor content.
Others have raised concerns that the ties between China and TikTok puts the privacy of users’ data at risk. A class-action lawsuit was recently filed in California by a college student who alleges that her private information and unpublished content was accessed by TikTok without her permission and stored on servers in China. TikTok settled another lawsuit in December 2019 related to children’s privacy, paying out $1.1 million related to allegations that the app collected the information of children under 13 without their parents’ consent.
TikTok has also faced allegations that it censors “culturally problematic” and political content that could be seen as offensive to the Chinese government, according to former employees’ reports to The Washington Post and documents obtained by The Guardian and the German blog Netzpolitik. When pro-democracy protests broke out in Hong Kong earlier this year, TikTok was curiously devoid of any hints of unrest, and videos instead documented a prettier picture.