Israeli security researchers have found a serious security breach in the ticketing app

Check Point investigators have identified significant security weaknesses in the popular ticketing app. The app, which allows users to share short videos, and has become especially popular in Israel in recent months, especially among teenagers. The breach allowed attackers to steal personal information and post private videos

Israeli security researchers have found a serious security breach in the ticketing app

Checkpoint cyber security researchers found a very serious security breach in the ticketing app, which allowed hackers to remotely access user accounts without even trying to trick them. The ticketing app has taken Israel and the world by storm and gained thousands of users in just a few months, with quite a few of them middle and high school teens. Now, Check Point's cyber defense researchers Alon Boxner, Eran and Kenin, Alexei Voludin, Dikla Breda and Roman Zaikin have revealed significant weaknesses in the popular app. Those weaknesses allow attackers, among other things, to take action on user accounts such as adding and deleting videos, changing their privacy settings (making private videos public), and even stealing personal information entered by users at sign-up.

"The Nude" offered nude photos of her to anyone who contributes to Australia's fire damage - and was blocked from Instagram

Oded Vanunu, Head of Product Weaknesses at Check Point, who heads the study: "Security breaches that lead to sensitive information leakage are a growing phenomenon. Most of these users assume that popular apps are especially secure, but hackers invest a lot of resources and efforts to penetrate them. This is due to the vast amount of personal information they have on each user and user. Our research shows that even the most popular apps in the world are at risk. "

More in Walla! TECH

The security breach discovered in the ticketing app by the team of researchers (Photo: Check Point)

Security hack discovered in ticking app by Check Point team (Photo: Check Point, screenshot)

Israeli cyber protection researchers at Check Point identified serious security vulnerabilities that allowed an attacker to send a malicious link message from the interface's built-in message delivery system. Clicking on the link, in fact, allowed an attacker to gain access to the victim's account and manipulate existing content in the victim's account, including deleting videos, uploading videos, and exposing existing private videos. Researchers also found that an app sub-site, https://ads.tiktok.com, was vulnerable to attacks that allowed attackers to steal personal information that users typed in at registration, including full names, residential addresses, email addresses and birthdates.

Tiktok, owned by Chinese company DanceDance, is one of the most popular apps in the world. It operates in 150 countries and has gained over a billion and a half downloads in the app stores within a few years - more than Instagram and Snapchat. As mentioned earlier, the app is very well known and popular with kids and teens, who post short videos of up to 60 seconds. Another app allows you to add background music to your videos, edit your videos and add effects, and as a result, it stores huge amounts of videos, some of which may be particularly sensitive, to users. "Ticketing is committed to protecting the information it has. Like many other organizations, we encourage information security researchers to pass on their findings to new weaknesses," said Dr. Luke Deschotels of the ticketing information security team. Check Point has since reported to the company that runs the ticketing app For its findings, and it corrected the weaknesses in question.