Major security issues have been discovered within the hugely popular app TikTok, threatening the safety of users.

Researchers at Check Point found multiple vulnerabilities that would allow attackers to manipulate videos and steal confidential personal information.

"The research found that an attacker could send a spoofed SMS message to a user containing a malicious link," Check Point noted.

Download the new Independent Premium app

Sharing the full story, not just the headlines

"If the user clicked on the malicious link, the attacker was able to access the user’s TikTok account and manipulate its content by deleting videos, uploading unauthorized videos, and making private or 'hidden' videos public."

Security concerns with the app, which has over a billion users across 150 countries, recently resulted in the US Army banning soldiers from using it.

TikTok said it had fixed the security flaws found by Check Point after being alerted about them in November. A fix was rolled out within a month, though users had already been exposed to the issue for almost a year.

"Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us," TikTok said in a statement.

"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers."

It is not clear whether any hackers exploited the vulnerability, though the rapid growth of the app means it has become a major target for cyber criminals.

"Malicious actors are always looking for vulnerabilities, so TikTok should not be shamed for being targeted," said Jake Moore, a researcher at cyber security firm ESET.

"The fact that they are taking ownership and offering quick support updates to mitigate the risk to their users is a positive step that should be commended."​

Comments

Share your thoughts and debate the big issues

Learn more
Please be respectful when making a comment and adhere to our Community Guidelines.
  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

Create a commenting name to join the debate

Please try again, the name must be unique Only letters and numbers accepted
Loading comments...
Loading comments...
Please be respectful when making a comment and adhere to our Community Guidelines.
  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

Loading comments...
Loading comments...