A vulnerability in the TikTok app for Android meant that hackers could have taken over your account. While this theoretically put millions of users at risk, the attack was only possible if you clicked on a malicious link.
Details about this newly discovered one-click exploit were revealed by the Microsoft 365 Defender Research Team. The team classified the issue as a “highly severe vulnerability” and reported their findings to TikTok. The social app patched it right away, but it shows how easy it is for users to lose their accounts.
In essence, once a user clicked on a specially crafted link, attackers would be able to access all the basic functions of that user's TikTok account. This includes uploading videos, sending messages, and viewing videos that are privately stored on the account.
Microsoft went into detail, noting that the exploit worked because researchers found a way to bypass TikTok’s deep link verification. This forced the app to load an arbitrary URL, and allowed that URL to access the JavaScript bridges attached to the WebView.
From there the researchers were able to retrieve the account’s authentication codes, allowing them to access the account without a password. Fortunately, this exploit was a proof-of-concept attack, and there is no evidence that any hackers or other bad actors have taken advantage of it.
The security team notes that TikTok for Android is available in two variants: one for East and Southeast Asia, and one for all remaining countries. Both versions of the app were affected by this issue, and have 1.5 billion downloads on Google Play.
This shows how serious and widespread this vulnerability was. Fortunately, TikTok was informed of the vulnerability back in February, and “responded quickly” by developing a fix.
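To illustrate the kind of check that deep link verification performs before a page is given access to a WebView's JavaScript bridges, here is an added example; it is not code from Microsoft's write-up or from TikTok, and the article does not describe how the real check was bypassed. The scheme `exampleapp`, the `url` parameter and the trusted hosts are hypothetical, and the sample links are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class DeepLinkGate {
    // Hypothetical values: deep-link scheme, the parameter carrying the page to
    // load, and the only hosts allowed to run with the JavaScript bridge attached.
    static final String APP_SCHEME = "exampleapp";
    static final String TARGET_PARAM = "url";
    static final Set<String> TRUSTED_HOSTS = Set.of("www.example.com", "m.example.com");

    // Returns the exact URI to load with the bridge attached, or empty to reject.
    static Optional<URI> trustedTarget(String deepLink) {
        try {
            URI link = new URI(deepLink);
            if (!APP_SCHEME.equalsIgnoreCase(link.getScheme()) || link.getRawQuery() == null)
                return Optional.empty();
            for (String pair : link.getRawQuery().split("&")) {
                int eq = pair.indexOf('=');
                if (eq < 0 || !pair.substring(0, eq).equals(TARGET_PARAM)) continue;
                String raw = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
                URI target = new URI(raw);
                String host = target.getHost();
                boolean ok = "https".equalsIgnoreCase(target.getScheme())
                        && host != null
                        && target.getRawUserInfo() == null // rejects trusted-name@other-host
                        && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT)); // exact match only
                return ok ? Optional.of(target) : Optional.empty();
            }
        } catch (URISyntaxException | IllegalArgumentException e) {
            // Malformed link or bad percent-encoding: fail closed.
        }
        return Optional.empty();
    }
    public static void main(String[] args) {
        String[] constructed = { // constructed sample links
            "exampleapp://webview?url=https%3A%2F%2Fwww.example.com%2Fhelp",
            "exampleapp://webview?url=https%3A%2F%2Fwww.example.com.untrusted.test%2F",
            "exampleapp://webview?url=https%3A%2F%2Fwww.example.com%40untrusted.test%2F",
            "exampleapp://webview?url=http%3A%2F%2Fwww.example.com%2F" };
        for (String s : constructed)
            System.out.println((trustedTarget(s).isPresent() ? "LOAD+BRIDGE " : "REJECT      ") + s);
    }
}
```

Only the first sample link is accepted; the other three fail on a look-alike host, a user-info prefix and a non-HTTPS scheme, and the app should load exactly the URI the function returns rather than re-parsing the original string.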
There is no mention of iOS or iPhone in Microsoft’s blog post, which indicates that these devices did not have the same vulnerability.
There are some things that users can do to make sure that this type of attack does not happen to them. The first is to make sure you have the latest version of the TikTok app installed. The other is to avoid clicking on suspicious links, especially those from unknown sources. As this vulnerability shows, even something as simple as clicking on a random link can have far-reaching consequences.
Be sure to check out our guide on how to keep your social media accounts secure, and seven ways you can improve your online security for free. It is also worth investing in one of the best internet security suites and one of the best VPNs to add extra layers to your online security.