The TikTok app for Android contained a high-severity vulnerability that could have allowed hackers to take control of the account of any user who clicked on a malicious link. According to The Verge, hundreds of millions of users of the platform were potentially affected by this vulnerability.

Researchers from Microsoft’s 365 Defender research team carried out the research into this flaw and published their findings yesterday in a blog post. Microsoft informed TikTok of the vulnerability on its platform and, apparently, the flaw was quickly corrected. Maureen Shanahan, spokesperson for TikTok, said that “researchers involved in the discovery and disclosure praised TikTok for its quick response”.


What was this vulnerability?

According to Microsoft’s 365 Defender researchers, the vulnerability affected the deep linking functionality of the Android app. The app applies a verification process to the links it handles, but the researchers found a way around it. They were able to access the account without having to enter a password.

They then demonstrated this by creating a malicious link that, when clicked, changed a TikTok account’s bio to read “SECURITY BREACH”. Fortunately, this vulnerability was detected and quickly corrected; otherwise, several accounts among the 1.5 billion downloads on the Google Play Store would still be exposed to this threat.

The risks incurred by users

The TikTok app is admittedly not known to be prone to major hacks. Even so, Microsoft stressed the importance of close collaboration and coordination between technology platforms and vendors. Indeed, the security of user data should rank among the top priorities of every social network company.

The vulnerability would have allowed a hacker to access all the main functions of the account, including the ability to upload and post any video, send messages to other users, and view private videos stored in the account.


By admin
