Researchers at security firm Check Point discovered multiple security problems in the TikTok application last November.
This week, a month and a half after the discovery, TikTok said that those flaws had already been fixed and thanked the security company for alerting them.
“Like many organizations, we encourage responsible security researchers to reveal privately zero-day vulnerabilities,” reads a statement distributed by the social network.
Check Point states that the vulnerability was present for most of 2019, and is unsure whether any hacker had discovered it. The firm says that ByteDance had “responsibly deployed” a solution within a month of being informed about the problem.
“Prior to public disclosure, Check Point agreed that all reported problems were patched in the latest version of our application. We hope this successful resolution will foster greater collaboration with security researchers,” the company said.
The big problem is related to the way TikTok handles users’ phone numbers, which people must provide when they register for the application. Check Point discovered that hackers could access these numbers and send text messages on behalf of TikTok. With this, a hacker could:
– Remove videos, change their settings from private to public or upload unauthorized videos.
– Force a TikTok user onto a web server controlled by the hacker, making it possible for the attacker to send unwanted requests on behalf of the user.
– Redirect users to a malicious website that resembles TikTok.