TikTok is an enticing target for hackers

Priya BhadaurjaSeptember 6, 2022

0 272

TikTok is an enticing target for hackers. As one of the most downloaded applications in the world and a phenomenon of short videos, TikTok is facing heightened criticism over its data security due to its responsibility to protect the personal data of over a billion users.

Last week, a number of cybersecurity experts tweeted about the alleged discovery of a server vulnerability that permitted access to TikTok’s storage and, in their opinion, held personal user data. Only a few days prior, Microsoft Corp. reported discovering a “high-severity vulnerability” in the Android version of TikTok that “would have allowed attackers to access users’ accounts with a single click.”

The TikTok app from ByteDance Ltd. has more than one billion monthly users presently and is a favorite of many young people. That makes it a tempting target for hackers who could try to take over well-known accounts or sell private data. The Trump administration classified it as a privacy issue in 2020, and it was almost outlawed due to worries about possible connections between its Beijing-based parent firm and the Chinese government.

TikTok denied the claims of a breach that was found over the weekend. A spokesman said: “Our security team looked into this claim and found that the allegedly problematic code is entirely unconnected to TikTok’s back-end source code.”

An Australian online security expert named Troy Hunt looked over a few of the data samples contained in the stolen documents and discovered similarities between user profiles and films uploaded under those IDs. However, part of the information exposed was “publicly available data that could have been fabricated without compromise.”

This is currently not very conclusive; some data corresponds to production information, although publicly available information. Some data is useless, but it may be test or non-production data, he wrote on Twitter. “So far, it’s been a bit of a mixed bag.”

The vulnerability found by Microsoft is a more specific problem that may have affected Android-powered mobile devices. According to Dimitrios Valsamaras of the Microsoft 365 Defender Research Team, it may have enabled attackers to access and change “TikTok profiles and sensitive information, such as by broadcasting private movies, sending messages, and posting videos on behalf of users.”

A representative for TikTok said that the business addressed the security hole that had been discovered “in some older versions of the Android app” in response to Microsoft’s findings right away.

Even if the problems are minor or inconclusive, TikTok and its parent company will be the subject of great attention at a time when the U.S. may intensify its actions against companies with ties to China. Nine U.S. senators requested an explanation from TikTok’s CEO in a letter that was published in June.

A separate executive order targeting TikTok is also conceivable, with the administration closely monitoring whether the Chinese government has access to American consumer data. President Biden is anticipated to sign an executive order restricting U.S. investment in Chinese digital businesses. The business has informed American legislators that it has taken precautions to safeguard the data by entering into a deal with Oracle Corp.

According to Robert Potter, co-CEO of the Australian-American cybersecurity company Internet 2.0 Inc., “There’s a lot of emphasis on the way TikTok runs and there’s a large difference between how it operates and how it says it functions.”

In a study published in July, Potter’s team claimed that it had discovered “excessive data harvesting” by TikTok on users’ devices, that the software regularly checks users’ whereabouts (at least once per hour), and that it has code that records serial numbers for both users’ devices as well as SIM cards.

Australia paid close attention to the story, and on Monday, Clare O’Neil, the country’s new minister for home affairs, declared that she had asked her agency to look into how TikTok collects data and who has access to it.

O’Neil stated in an email that “we have this fundamental issue here where we have technology businesses that are situated in nations with a more authoritarian attitude to the private sector.” “This doesn’t start and finish with TikTok. It’s one of the many problems that have arisen as a result of these powerful technological firms’ influence over our lives.