Hey, kids of the world -- update your TikTok apps!
That's because older versions of the Chinese-made video-sharing app, insanely popular with teenagers, can be exploited to alter accounts, delete or add videos, or reveal private videos or even personal information.
Researchers from Israeli cybersecurity firm Check Point detailed the flaws in a long research paper released today (Jan. 8). Not to go too far into detail, but the TikTok website had a number of flaws that let attackers send malicious SMS texts to mobile phones, force the TikTok app on user phones to open malicious web pages, and even delete and add videos to user accounts.
The Check Point researchers dissected the effect of malicious activity on the Android TikTok app and not the iOS one, but because many of the problems were on the TikTok server side and not on the user client side, most of these flaws can be exploited on either mobile platform.
Fortunately, all the flaws have been fixed in recent app updates.
"Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app," said TikTok security team member Luke Deshotels in a joint statement with Check Point. "We hope that this successful resolution will encourage future collaboration with security researchers."
As of this writing, the latest versions of TikTok are 14.4.0 on iOS and 14.4.11 on Android.
TikTok has been banned from the smartphones of most active-duty U.S. service members, but that's because the U.S. government sees the app as a Chinese military threat, not because of lax website security. (As far as social-networking apps go, TikTok protects your privacy pretty well.) More than a billion people worldwide have installed either the TikTok app or its China-only sister app Douyin.
