News by Xiaomi Miui Hellas

TikTok: Dangerous security vulnerability has been revealed that leaves users' personal data exposed!

Check Point Research (CPR) has recently revealed a vulnerability in TikTok's "Finding friends" function that bypasses its privacy protections.


If this vulnerability had not been addressed, it would have allowed an attacker to access user profile details and the phone numbers associated with their accounts, making it possible to build a database of information for use in future malicious activity.

CPR researchers have twice found security flaws in TikTok. The profile details accessible through the most recent vulnerability include: phone number, nickname, profile pictures and avatar, unique user IDs, and some profile settings, such as whether the user is a follower or whether their profile is locked.

How intruders can exploit this vulnerability:
  1. Create a list of device IDs that will be used to query TikTok's servers.
  2. Create a list of tokens (each token is valid for 60 days) that will be used to query TikTok's servers.
  3. Bypass TikTok's HTTP message signing mechanism using their own background signing service.
  4. Connect all of the above by modifying HTTP requests, ignoring them and using various tokens and device IDs to bypass TikTok's protection mechanisms.

The steps that Check Point Research and ByteDance followed…

CPR responsibly disclosed its findings to ByteDance, the developer of TikTok. On the positive side, TikTok's creators have developed a solution to ensure that TikTok users can continue to use the application safely.

In its previous research on TikTok, CPR had already twice found security flaws in it.

On January 8, 2020, CPR published a paper on a set of vulnerabilities that could allow a threat actor to gain access to personal information stored in user accounts, manipulate user account information, or take action on behalf of a user without his or her consent.

Oded Vanunu, Head of Product Vulnerability Research at Check Point stated:

Our primary motivation this time was to investigate TikTok privacy. We were wondering if the platform could be used to obtain personal data of its users. The answer turned out to be yes, as we managed to bypass TikTok's multiple protection mechanisms that lead to a breach of privacy. The vulnerability could allow an attacker to create a database with user details and their corresponding phone numbers.

An intruder with this level of sensitive information could commit a number of malicious activities, such as phishing or other criminal activities. Our message to TikTok users is to share little of their personal data, as well as to update their operating system and applications to the latest versions.

A TikTok spokesman said:

The security and privacy of the TikTok community is our highest priority and we value the work of trusted partners such as Check Point in identifying potential issues so that we can resolve them before they affect our users. We continue to strengthen our defenses, both through internal upgrades such as investing in an automated defense system, as well as through our collaboration with third parties.

Mi Team