TikTok Android Flaw Allows Hijacking

Microsoft has found a high-severity vulnerability in the TikTok Android app that allows an attacker to hijack an account, send messages, and access and upload videos.

TikTok

TikTok is one of the most popular apps on the market. It is available to all users, has 1.5 billion downloads, and is popular globally both as a social media competitor and as a video platform. Android phones are also very common, and these two facts intersect in a flaw that gives attackers an incredible level of access.

Research findings

Researchers found that the flaw worked on all regional variations. Attackers would need to chain multiple issues together, with the critical part being a malicious link. Researchers claim that once the first part of the link was completed, personal data was accessible to the attacker.

What attackers could access and use

Attackers could access personal data, which means they could acquire all forms of information such as age, name and possibly location, alongside email. The other aspect of the compromise is that attackers could upload videos, both private and public, send messages, and generally have the same level of access as the account owner.

How it worked

The attack bypassed TikTok’s deeplink verification, allowing the attackers to force the app to load any URL into a WebView, the component Android uses to display web content. Once the compromised WebView was in place, attackers could use over 70 JavaScript methods to retrieve authentication tokens and modify account data. This is not the first time TikTok has had issues: last year in September there was a flaw that released access to user phone numbers.
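To show the kind of check a deeplink handler can apply before handing a URL to a WebView that exposes JavaScript methods, here is an added example; it is not TikTok's or Microsoft's code. The class name, method names and host names are hypothetical, and the sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical policy class, not code from any real app.
public class DeeplinkUrlPolicy {
    // Assumed allowlist of first-party hosts (placeholder names).
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("www.example.com", "m.example.com");

    // Weak check: a substring match accepts any URL that merely mentions the name.
    static boolean naiveIsTrusted(String rawUrl) {
        return rawUrl.contains("example.com");
    }

    // Strict check: parse first, then compare exact components and fail closed.
    static boolean isTrustedForBridge(String rawUrl) {
        final URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            return false;                                  // unparsable input is rejected
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();                       // null for opaque URIs such as javascript:
        if (scheme == null || host == null) return false;
        if (!scheme.equalsIgnoreCase("https")) return false;
        if (uri.getUserInfo() != null) return false;       // no user@host forms
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
                "https://www.example.com/help",
                "http://www.example.com/help",
                "https://www.example.com.attacker.test/",
                "https://attacker.test/?next=example.com",
                "https://www.example.com@attacker.test/",
                "javascript:alert(1)");
        for (String u : samples) {
            System.out.printf("%-42s naive=%-5b strict=%b%n",
                    u, naiveIsTrusted(u), isTrustedForBridge(u));
        }
    }
}
```

Only the first sample passes the strict check, while the naive check accepts all but the last. In an app, the JavaScript bridge (for example one registered with `addJavascriptInterface`) would be attached only when the strict check passes, and the same check would be repeated on every navigation and redirect.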

Alex Cunningham
Alex is an information governance graduate whose main role is to support clients in mitigating information security risks. He recently graduated with a degree in Cyber Security with a focus on user-based security issues and risks. Alex enjoys playing video games, watching movies and going outside to visit new places with his dog Ruby.