Next Big Brand

Multiple Security Flaws Detected In TikTok: CheckPoint Research

by Pritish raj
January 9, 2020
in Media, News
  • CheckPoint recently reported security flaws in the TikTok short-form video platform that could have been exploited to take control of user details and more.
  • According to CheckPoint Research, the flaws could have been exploited to take control of user accounts, delete videos, upload videos, and make private or hidden videos public.

Researchers at CheckPoint Research, an Israeli cybersecurity firm, have identified multiple vulnerabilities in TikTok’s short-form video platform that could have been exploited to take control of user accounts, delete videos, upload videos, make private or hidden videos public, and reveal personal information such as email addresses.

The vulnerabilities were brought to TikTok’s attention and have already been patched by the Chinese company’s cybersecurity team. “We invite responsible security researchers, like many organizations, to secretly report zero-day vulnerabilities to us. Until public disclosure, CheckPoint confirmed that in the latest version of our software, all identified bugs were patched. We hope this successful outcome will encourage future cooperation with security researchers,” said TikTok Security Team’s Luke Deshotels.

CheckPoint found multiple vulnerabilities in TikTok during its testing. One such vulnerability, called SMS Link Spoofing, could have enabled an attacker to send a spoofed SMS message with a malicious link on TikTok’s behalf.

Another vulnerability, called Open Redirection, might have allowed the attacker to redirect the user to a malicious website that would execute JavaScript code and make requests to TikTok with the victims’ cookies.

The open-redirection flaw lay in a regular-expression (RegEx) check that failed to properly validate the redirect URL parameter. The check only verified that the parameter value ended with tiktok.com, so a redirect to anything ending with tiktok.com was accepted.
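The difference between a suffix-only check of the kind described above and a check on the parsed hostname, as an added example that is not code from TikTok or CheckPoint. The trusted domain and every URL are constructed placeholders under the reserved .example TLD, and the function names are hypothetical.

```javascript
// Added example. TRUSTED_DOMAIN and the sample URLs are constructed
// placeholders under the reserved .example TLD, not values from the report.
const TRUSTED_DOMAIN = "videoapp.example";

// Weak check: only asks whether the raw string ENDS with the trusted domain.
function weakIsAllowed(redirectUrl) {
  return /videoapp\.example$/.test(redirectUrl);
}

// Hardened check: parse first, then decide on the parsed components.
// Trusting every subdomain is an assumption here; an exact-host allowlist
// is tighter if any subdomain can serve untrusted content.
function strictIsAllowed(redirectUrl) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch {
    return false; // not an absolute URL
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // no userinfo tricks
  const host = url.hostname.toLowerCase();
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// Constructed sample inputs.
const SAMPLES = [
  "https://www.videoapp.example",                 // legitimate
  "https://www.videoapp.example/profile",         // legitimate, with a path
  "https://lookalike-videoapp.example",           // different registrable host
  "https://other.example/?next=videoapp.example", // suffix sits in the query
  "http://www.videoapp.example",                  // right host, plaintext scheme
];

function compare() {
  return SAMPLES.map((u) => ({
    url: u,
    weak: weakIsAllowed(u),
    strict: strictIsAllowed(u),
  }));
}

console.table(compare());
```

The weak check accepts the lookalike host and the query-string case, and also rejects the legitimate URL that carries a path, so it fails in both directions.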

CheckPoint also found that a TikTok subdomain was vulnerable to cross-site scripting (XSS), a form of attack that injects malicious scripts into a trusted website. Because no anti-cross-site request forgery (CSRF) mechanism was in place, an attacker could send JavaScript code and perform actions on behalf of the user without their consent.

By exploiting these vulnerabilities, an attacker could send HTTP GET requests with the video ID, requesting TikTok to delete the videos. Similarly, they could upload a video to the user’s page by sending an HTTP POST request on behalf of the user. To make a private video public, an attacker would first need the video ID of a private video, which is obtainable if the attacker is a follower of the user. Using the ID, an attacker could change the video’s privacy settings by sending an HTTP GET request on behalf of the user.

Researchers also found several API calls on TikTok subdomains. Requests to some of these APIs exposed confidential user information such as email addresses, payment information, and dates of birth.
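A server-side gate that refuses the request pattern described above (state changes over GET, authorised by cookies alone), as an added example that is not TikTok's code. The routes, header names, origin and token are hypothetical, constructed values.

```javascript
// Added example: routes, header names, origin and token are hypothetical.
const APP_ORIGIN = "https://www.videoapp.example"; // constructed placeholder
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const STATE_CHANGING = [/^\/video\/delete$/, /^\/video\/privacy$/, /^\/video\/upload$/];

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, path, headers, session }. session.csrfToken is assumed to
// have been issued at login and kept server-side.
function authorizeStateChange(req) {
  const changesState = STATE_CHANGING.some((re) => re.test(req.path));
  if (!changesState) return { allow: true, reason: "read-only route" };
  if (SAFE_METHODS.has(req.method))
    return { allow: false, reason: "state change over safe method" };
  if (!req.session) return { allow: false, reason: "no session" };
  if (req.headers["origin"] !== APP_ORIGIN)
    return { allow: false, reason: "cross-origin request" };
  if (!constantTimeEqual(req.headers["x-csrf-token"], req.session.csrfToken))
    return { allow: false, reason: "missing or wrong CSRF token" };
  return { allow: true, reason: "ok" };
}

// Constructed sample requests.
const SESSION = { user: "alice", csrfToken: "constructed-token-0001" };
const REQUESTS = {
  // Cookie-only GET, the pattern the article describes.
  getDelete: { method: "GET", path: "/video/delete", headers: {}, session: SESSION },
  // POST sent from another origin: the cookie rides along, the token does not.
  crossSitePost: {
    method: "POST", path: "/video/privacy",
    headers: { origin: "https://other.example" }, session: SESSION,
  },
  // Same-origin POST carrying the session's token.
  goodPost: {
    method: "POST", path: "/video/delete",
    headers: { origin: APP_ORIGIN, "x-csrf-token": "constructed-token-0001" },
    session: SESSION,
  },
};

function decide(name) {
  return authorizeStateChange(REQUESTS[name]);
}
```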

Oded Vanunu, Head of Product Vulnerability Research at CheckPoint, warned in a press statement that social media applications are highly targeted for vulnerabilities, as they provide a good source of private data and a good attack surface. Malicious actors spend large amounts of money and put great effort into such huge applications. However, most users assume they are protected by the app they use.

In India alone, TikTok is highly popular among teenagers and boasts over 200 million users. The platform is being scrutinized in the U.S. and several agencies, including the U.S. Navy, have banned their staff from using the app, according to reports.
