TikTok: a flaw allowed attackers to retrieve users' phone numbers
Cybersecurity researchers at Check Point have discovered a flaw in the hugely popular TikTok application, as part of the bug bounty program launched by the latter.
The program has borne fruit: the flaw discovered was relatively significant and could have enabled malicious actors to retrieve the phone numbers of the application's users.
Now fixed, the flaw discovered by the researchers was in the “Friend Finder” feature, which lets users find friends on the application.
Its exploitation could also have been automated, which would have allowed attackers to steal personal information - including "phone number, nicknames, profile and avatar photos, unique user identifiers and settings" - on a large scale.
The risk was serious
“The vulnerability could have allowed an attacker to create a database containing the details of users and their respective phone numbers.
An attacker with this level of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.
Our message to TikTok users is to share the bare minimum when it comes to your personal data.
Update your operating system and applications to the latest versions,” the researchers explain.
The risk was very real and could have led to smishing campaigns, that is, fraudulent SMS messages sent to try to obtain additional personal or banking data.
Fortunately, no exploitation of this vulnerability appears to have taken place.
It is still advisable to update the TikTok application.
This type of information - phone numbers - is highly prized by hackers.
The recent listing of 533 million Facebook user phone numbers on Telegram is proof of this.