According to a new report from cybersecurity firm Check Point, China’s popular video-sharing app TikTok had “multiple” security vulnerabilities. The researchers found flaws that could allow hackers to control TikTok accounts and manipulate content, upload and delete videos, and disclose personal information such as a private email address. The findings will add fuel to arguments, particularly from U.S. politicians, that TikTok, which is owned by the Chinese company ByteDance, is a national security threat.
Check Point found that a standard text message can be sent on behalf of TikTok to any telephone number. There is a function on the app’s own website that allows users to send a text message to themselves so they can download the app. The TikTok website allows attackers to insert malicious code, which a hacker can use to retrieve users’ personal information. According to Check Point, it informed TikTok of the issues, and TikTok has now resolved them.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us,” Luke Deshotels of TikTok’s security team said in a statement. “Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
The security patch is unlikely to allay U.S. lawmakers’ fears that the app might be a threat to national security. TikTok is also the subject of a review by the Committee on Foreign Investment in the United States, or CFIUS, over its acquisition of Musical.ly, an app it purchased in 2017.