The Limited Times

Now you can see non-English news...

A serious security breach was discovered in Tiktok - Walla! TECH

2021-01-26T11:04:30.658Z


The Israeli information security company Check Point found a serious security breach in Tiktok, which made it possible to access the personal details of users. The loophole used one of the "Find My Friends" features. Matiktok reports: "We value collaborations with qualified partners such as Check Point"


  • TECH

  • news

A serious security breach was discovered in Tiktok

The Israeli information security company Check Point found a serious security breach in Tiktok, which made it possible to access the personal details of users.

The loophole used one of the "Find My Friends" features.

Matiktok reports: "We value collaborations with qualified partners such as Check Point"

Tags

  • Ticket

Walla!

TECH

Tuesday, January 26, 2021, 1:00 p.m.

  • Share on Facebook

  • Share on WhatsApp

  • Share on general

  • Share on general

  • Share on Twitter

  • Share on Email

0 comments

  • Network anchor Eva Louise

  • What's up with Dark Web?

  • Pope: Supports civil marriage of ...

  • IPhone 12 Pro

  • The wedding of the grandson of the Rebbe of Darag with the granddaughter of the Rebbe ...

  • Ganz called for connections in the center-left bloc: "Ready to sacrifice ...

  • LG OLED

  • Uniden r8il detector

  • Galaxy S21 Ultra

  • Jabra Elite 85t

  • Bahraini Foreign Minister on a historic visit to Israel: Soon ...

In the video: Cyber ​​researcher Gilad Hahn on the dangers of online impersonation (Editing: Stick pages)

A vulnerability in Tiktok was discovered by investigators at the Israeli cyber company Check Point: The vulnerability allowed attackers to access the personal phone numbers connected to the Tiktok account and cross-reference them with additional account information (including nickname, profile photos, User ID) and access to some user settings ( Tracking followers, hidden profile).

Exploitation of this type of vulnerability could have allowed attackers, using appropriate automated means, to generate a vast database of phones and other personal information all based on the information users had updated in their tic tac accounts.

Just last year, Check Point identified another security vulnerability in Tiktok that allowed users to obtain personal information and take account actions.

More on Walla!

NEWS

The end to stabbings?

The Dark Watch Series 7 will offer a blood sugar measurement

To the full article

"We wanted to test whether the popular platform allows access to personal information and saw that this is possible bypassing an existing protection mechanism in one of the popular features. Extensive use of such vulnerabilities allows hackers to create databases that cross names to phone numbers, "Many followers on social networks. Such a database is used by hackers for phishing attacks or alternatively for direct attacks on devices of high-profile users," said Oded Vanunu, head of the product weakness department at Check Point, who led the study.

"We appreciate the fact that Tiktok took very seriously to fix the vulnerability. Our recommendation to social media users is to share as little personal information with them as possible and make sure the apps are up to date with their latest version."

A serious security breach was discovered in Tiktok (Photo: AP)

The vulnerability exploited an existing mechanism in a platform called Find Friends that allows Tiktok to automatically locate users who are in the user's contacts, through their phone number.

The mechanism actually "sends a query" to the platform servers and they in response provide the answer to the query in the form of a connection to an existing account.

The said feature had protections, but the researchers were able to circumvent them by creating an independent mechanism, not connected to the user's contacts, which sent queries according to the attacker's wishes.

By exploiting this vulnerability, an attacker could generate queries for ticking servers at multiples of 500 numbers per request, and in return receive cross-platform telephone numbers and profile details that were not sufficiently protected.

In this way, for example, the researchers were able to obtain the personal user details of popular account holders in Israel (singer, well-known architect, network influencer) and passed on the findings to Tiktok.

Matiktok said: "Privacy and protecting the privacy of Titok community members is our top priority, and we value collaborations with qualified partners like Check Point that help us identify potential issues and correct them before they affect users. We will continue to strengthen our defenses by Upgrading the internal capabilities and investing in automatic defenses, as well as by collaborating with external parties. "

  • Share on Facebook

  • Share on WhatsApp

  • Share on general

  • Share on general

  • Share on Twitter

  • Share on Email

0 comments

Source: walla

All tech articles on 2021-01-26

You may like

News/Politics 2024-02-29T11:14:47.110Z
News/Politics 2024-02-13T15:01:05.437Z

Trends 24h

Tech/Game 2024-03-27T18:05:36.686Z

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.