Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

TikTok security flaw exposed private user data

Image Description

Investigators at cybersecurity firm Check Point Research have discovered a vulnerability affecting the popular video-sharing platform TikTok that allowed threat actors to steal users’ private data. 

The flaw, which has since been patched, raises questions about how much data users can safely share with mobile apps.

The security flaw was identified residing within TikTok “Find Friends” feature and enabled attackers to access some of the user’s profile details, including their phone number, TikTok nickname, profile and avatar pictures, unique user IDs, and certain profile settings.

Be careful what you share

Detailing the methodology employed to exploit the vulnerability, Check Point explained that TikTok employs contact syncing to help individuals find other users that they may know. However, it was found that attackers could manipulate the sign-in process, allowing them to upload and sync contacts at scale, letting them build up a database of users and phone numbers that could be used for follow-up attacks.

After being informed of the vulnerability, TikTok developer ByteDance quickly issued a patch, making the app safe to use once more.

“Our primary motivation was to explore the privacy of TikTok,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said. “We were curious to see if the TikTok platform could be used to gain access to private user data.  We were able to bypass multiple protection mechanisms of TikTok that led to privacy violation. The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers. An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.”

However, this is not the first time that a security flaw has been found affecting TikTok. A year ago, Check Point published a research paper on another set of vulnerabilities. Ultimately, the best practice that users can take, with any app, is to only share as little information as possible.

Date

26 Jan 2021

Sources

Share

Other Blog

  • How to do an SEO website audit

    In this guide, we outline the most important steps involved in completing a full SEO website audit.

    Read More

  • Intel Tiger Lake laptops will get 8-core CPUs to take on AMD Ryzen 4000

    Intel has quietly revealed the fact that there will be 8-core Tiger Lake products coming at a later date.

    Read More

  • Microsoft Defender error is giving Google Chrome users a serious fright

    Several recent Google Chrome updates have been flagged as potentially harmful by Microsoft's in-built antivirus and endpoint protection service, reports have claimed.

    A number of Windows system admin reports have shown that Microsoft Defender for Endpoint has been tagging browser updates delivered via the Google Update service as suspicious.

    The activity is thought to be down to a false positive issue, but it's another possible headache for both Microsoft and Google as they try and disseminate their wares to as wide an audience as possible.

    False positive

    The Windows reports, seen by BleepingComputer, show that affected users were shown an alert concerning a possible "multi-stage incident involving Execution & Defense evasion".

    However, Microsoft says it has investigated the issue and found it to be a false alarm caused not by any criminal activity, but a clash of alerts.

    "Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices," Microsoft said. The company later revealed it had fixed the issue after around one and a half hours, with customers now able to fully use Microsoft Defender for Endpoint again.

    The news is the second such incident involving Microsoft Defender and false positive alerts within the past few months.

    In March 2022, a similar incident saw some Microsoft Office updates flagged as ransomware threats by Defender for Endpoint. Microsoft was again quick to investigate the issue, confirming it was again a false alarm.

    Read more

    > Microsoft Defender Windows antivirus could soon protect all your personal devices

    > Turns out Microsoft Defender had a rather embarrassing security flaw of its own

    > Microsoft Defender for Endpoint wants to help your employees use iOS devices

    In early December 2021, Defender also prevented users from opening some Office files and launching various applications, triggering false positives related to Emotet malware.

    Several serious security issues have affected Google Chrome in recent months, including a raft of zero-days. Most recently, the company released Chrome 99.0.4844.84 for Windows, Mac, and Linux to fix a high severity zero-day vulnerability that allows for remote code execution.

    Zero-day threats have become a major concern for businesses and end-users alike, with Google's in-house security team recently noting that the number of issues reached a record high in 2021.

    Via BleepingComputer

    Read More

  • Samsung Galaxy Tab S8 Lite leak says it's a new Android tablet coming in 2022

    The Samsung Galaxy Tab S8 series is the long-rumored upgrade to the company's flagship tablet line, and a new rumor suggests it'll be accompanied by an affordable edition that some are calling the Galaxy Tab S8 Lite.

    The leak, courtesy of Galaxy Club, says there will be four models of the upcoming tablet, and the Lite model will be the cheapest of the series.

    The leak doesn't confirm the Samsung Galaxy Tab S8 Lite name, so the company may opt to call it the Galaxy Tab S8 Fan Edition (as it did with its Galaxy Tab S7 FE tablet).

    This leak gives two model numbers, which is rumored to be for two different variants of the tablet. Those names are SM-X500 for the Wi-Fi variant and SM-X506B for a 5G-ready version.

    Previous rumors suggested we'll be seeing a Samsung Galaxy Tab S8 with an 11-inch screen, a Galaxy Tab S8 Plus with a 12.4-inch display and a Galaxy Tab S8 Ultra with a mamoth 14.6-inch display.

    We don't yet know when we'll see these models, or if we'll see them all debut at the same time. Previously, Samsung has waited at least a few months after its main series of tablets debut before bringing out its cheaper model.

    It may still do similar here, so there's no gurantee we'll see all four of these models at the same time. So when are we likely to see the first models of the Galaxy Tab S8 series appear?

    Analysis: When could we see these debut?

    Samsung Galaxy Tab S7 Plus

    The Samsung Galaxy Tab S7 Plus (Image credit: Future)

    As with a lot of gadgets in 2021, the Galaxy Tab S8 series was intitially expected to make its debut earlier this year but it hasn't appeared. Rumors suggest the product has been delayed.

    Samsung often brings out new flagship Android tablets every 12 months or so, but there's no clear sign of any new devices being revealed before the end of 2021.

    There are a few clear dates where these may appear, though. A recent rumor suggested the Samsung Galaxy S21 FE may debut at CES 2022 at the very beginning of January.

    It's unlikely we'll see new tablets debut there, but the company is rumored to be introducing its next flagship phone - that's the Samsung Galaxy S22 - during February this year.

    It may be that it tags on the Galaxy Tab S8 series (or some models) to make their official appeareance. Either that, or we may be waiting until deeper into 2022 until we hear anything about these new tablets.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us