TikTok flaws could have allowed hackers access to user accounts through an SMS
TikTok is one of the fastest growing and popular apps globally. TikTok is available in over 150 countries and boasts over 1 billion users. TikTok was recently plagued with security vulnerabilities which could have allowed hackers to get hold of user accounts through simply an SMS.
This security flaw was discovered by Check Point Research who released a detailed research on how attackers could hack into TikTok accounts. When inside, attackers could delete videos, upload unauthorised videos and make private or hidden videos public on TikTok. It also gave attackers the potential to reveal personal information of TikTok users like their email addresses.
Check Point Research revealed that attackers could do this by taking advantage of TikTok's SMS service. TikTok has this feature where users can send an SMS from the desktop website to themselves to download the app. This SMS naturally comes with a link to download the TikTok app. Hackers could send an SMS from the official TikTok domain to any phone number. These spoofed SMS messages can be sent with a malicious link which would give hackers access to the user's TikTok account.
Check Point also discovered that TikTok's subdomain ads.tiktok.com was vulnerable as well. Under this, the help section which contains information on creating ads for TikTok could be abused by attackers.
Check Point's investigation went on for the past few months which led to these discoveries. TikTok was reported of these security vulnerabilities and have been patched in the app's latest version. The company has however not revealed how many or if any user has been affected by this hack. TikTok users are advised to update the app to the latest version from Play Store and App Store.