Israeli Researchers Found A Serious Security Weakness in TikTok

Israeli researchers have found a serious security weakness in TikTok: the web app's message handler did not verify where an incoming message was coming from.
In recent months, claims and questions have been raised about the way TikTok uses the private and personal information of its users. But now it seems that this information and the privacy of its users was at risk from an entirely different direction.
The Red Team of Imperva, an Israeli-founded security company, tested TikTok's web app for weaknesses in its message handling, which in their experience is a recurring weak point in large web applications. The team enumerated all event handlers in the TikTok web app and reviewed the source code at every point where the browser's postMessage API was used. They found that one script processed incoming messages without checking their origin. This means that a page outside TikTok, for example one controlled by an attacker, could send messages that the handler would act on. On top of that, the same handler sent information about the page the user was on back to the sender through another function.
Building on this, the team found that by redirecting the message they could make TikTok send the user to their own profile and return that page's information to the sender, which exposed data that should have been visible only to the account owner. Among other things, this information includes the user's device data, username and account details, and more sensitive items such as the user's video and search history. An attacker could use all of this to escalate the attack through phishing, identity theft or, of course, blackmail.
Imperva says it reported the weakness to TikTok, which fixed it quickly and with full cooperation.
TikTok responded: "Protecting the safety and privacy of members of the TikTok community is our top priority. TikTok operates teams around the clock whose mission is to protect the privacy and information of our community members, and for this purpose we also cooperate with third parties, security researchers, researchers Bacdemiv and experts. We thank Imperva for helping us with this task. As soon as we received the report from them, we took steps and actions to solve the problem in a short time."