TikTok Vulnerability Allows Hackers to Send Victims Malicious SMS Links

TikTok has become incredibly popular in recent months, but it hasn’t escaped security issues. Experts from Check Point have discovered multiple vulnerabilities in the TikTok app.

According to the researchers, a hacker could take control of a victim’s account and gain access to personal data such as names, email addresses, and birth dates.

It’s worth noting that TikTok has been downloaded over a billion times worldwide on both Android and iPhone devices. Because of these security holes, the privacy and safety of all users who have downloaded the app are at risk.

The Check Point team is currently unsure whether these vulnerabilities have been exploited in real-world attacks, but their experts are working with TikTok’s developers to fix the security issues.

How the SMS Vulnerability Works

One of the discovered flaws involves TikTok’s SMS features. For example, the service allows users to send themselves a text message with a link to download the app. However, a hacker can exploit this process for malicious purposes.

To carry out this type of attack, the criminal needs to know the victim’s phone number. The attacker’s identity remains hidden during the exploitation of the vulnerability.

As a result, the hacker can edit the link in the message, replacing it with a malicious URL. When the victim receives such an SMS, they are likely to click the link without suspecting an attack, which can lead to malware being installed on their device.

Staying Safe

• Be cautious of unexpected SMS messages, even if they appear to come from trusted apps.
• Always verify links before clicking, especially if prompted to download or install anything.
• Keep your apps updated to ensure you have the latest security patches.

Security experts recommend staying vigilant and keeping your devices and apps up to date to minimize the risk of falling victim to such attacks.