A “high severity” security flaw in TikTok’s Android app put hundreds of millions of the popular social media app’s users at risk of having their accounts hijacked, Microsoft’s cybersecurity team said Wednesday.
The flaw would have let hackers take over a TikTok user’s account by getting them to click on a single link, the researchers said.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” Dimitrios Valsamaras of Microsoft’s 365 Defender research team wrote.
“Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users.”
TikTok fixed the flaw after being notified by Microsoft and there’s no evidence it was actually exploited by hackers, both companies said.
The iPhone version of the app was reportedly not affected.
The Chinese-owned social media app has more than 1 billion active users.
“Through our partnership with security researchers at Microsoft, we discovered and quickly fixed a vulnerability in some older versions of the Android app,” a TikTok spokesperson told The Post. “We appreciate the Microsoft researchers for their efforts to help identify potential issues so we can resolve them.”
If the flaw hadn’t been discovered, it could have affected hundreds of millions of Android users across the globe. TikTok’s app has been downloaded through the Google Play Store more than 1.5 billion times.
According to Microsoft’s report, the security team was able to create a link that gave them access to a user’s account without their password.
When a user clicked on the link as part of a test, Microsoft was able to change the user’s account to “!! SECURITY BREACH !!!”
“This case shows how the ability to coordinate research and threat intelligence sharing via expert, cross-industry collaboration is important to successfully mitigate issues,” Valsamaras wrote. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.”