1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • TikTok has some worrying security flaws that could leave your act

    From TechnologyDaily@1337:1/100 to All on Sun May 7 12:30:04 2023
    TikTok has some worrying security flaws that could leave your activity open
    to anyone

    Date:
    Sun, 07 May 2023 11:10:04 +0000

    Description:
    A threat actor could have stolen sensitive data from vulnerable devices
    thanks to a flaw in the TikTok app.

    FULL STORY ======================================================================

    Cybersecurity researchers from Imperva have uncovered a flaw in the popular social media app TikTok which could have allowed threat actors to exfiltrate sensitive data from victim devices to be used in identity theft attacks, phishing, or for blackmail.

    The vulnerability, which has since been fixed, was found in the way the app handled incoming messages. Explaining the method, the researchers said the attackers could send a malicious message to the TikTok web application
    through the PostMessage API, which would glide past any security measures.

    The message event handler would then process the message and deem it secure, granting the attacker access to the valuable information. User account
    details

    By exploiting the vulnerability, the attackers could gain access to a
    treasure trove of valuable data, such as user device data (device type, operating system, browser used, etc.), videos viewed (what videos the victim viewed), the time spent on each video, user account data (usernames, videos, other account details), search queries (what the user searched for on the platform).

    Even without the vulnerabilities, TikTok is a controversial app, to put it mildly. It was built by a Chinese company called ByteDance, and has more than 1.5 billion users (more than 150 million in the U.S. alone).

    Recently, the US government started scrutinizing and banning Chinese companies, claiming their government has a tight grip on them and could force them to allow for unauthorized backdoor access at any point. Read more

    RESTRICT Act introduced in US Senate to fast-track TikTok ban


    TikTok officially banned from US government smartphones


    These are the best endpoint protection tools right now

    Huawei was banned from developing the 5G infrastructure in the States, for that very reason. As for TikTok, the U.S. government first forced the company to store all of the data in the country, and then recently told its employees to remove the app from government-issued devices, citing matters of national security.

    TikTok, much like many other Chinese companies, is denying any involvement in any wrongdoing. Here are the best firewalls at the moment



    ======================================================================
    Link to news story: https://www.techradar.com/news/tiktok-has-some-worrying-security-flaws-that-co uld-leave-your-activity-open-to-anyone


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)