Saturday, February 20, 16:45
Home security TikTok: Fixed a vulnerability that would allow phone numbers to be stolen

TikTok: Fixed a vulnerability that would allow phone numbers to be stolen

TikTok started a bug bounty program after discovering various vulnerabilities in its application. This effort seems to be working well, as TikTok recently fixed a serious flaw discovered by security company Check Point Research. The vulnerability would allow hackers to use the app's "Friend Finder" feature to steal various details from users' profiles and phone numbers and then create a database of information that could be used for malicious attacks. .

TikTok

Check Point investigators noticed a flaw in the way TikTok's servers confirmed that Friend Finder requests came from legitimate phones. Using a unique device ID for each user phone, the application generates one user token and one session cookie. However, the team found that the cookies were valid for about 60 days, allowing them to be used in virtual devices instead of cell phones.

The vulnerability could allow a hacker to create a database with user data and their corresponding phone numbers. A hacker with this level of sensitive information could perform a number of malicious activities, such as phishing campaigns or other criminal acts. Researchers' message to TikTok users is that they should share as little as possible information by their personal data. They also need to update their operating system and applications to the latest versions.

Using some hacking tools, they could bypass TikTok's "HTTP message signing", change the function to gain contacts, and sign the request again. Because it all happened in one virtual device, the process could automated. This allowed researchers to create a database with "phone numbers, aliases, unique user IDs and settings, such as if a user is a follower or if one's profile user is private, "according to Check Point.

Η Check Point said he had discovered the vulnerability in recent months. "Check Point Research has informed our developers and security teams about this issue and responsibly developed a solution to ensured "Users can safely continue to use the TikTok application," the company said.

Source of information: engadget.com

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...

What are the 6 most known attacks on gaming companies?

A few days ago, the gaming company Big Huge Games informed the players that it was the victim of an attack, which affected its data ...

Xbox gift cards are sold at a 10% discount on Amazon

Xbox owners can save some money on games, add-ons, subscriptions and more if they buy Xbox gift cards at ...

Perseverance: NASA spacecraft lands on Mars!

The spacecraft "Perseverance" successfully landed yesterday, shortly before 11 pm Greek time on Mars. Aim of this mission of ...

YouTube: You can play 4K videos on devices with low resolution screens

Youtube application on Android allows you to play videos up to 4K resolution. All you need is a phone with ...

Top positions Software Engineering and coding skills for 2021

Due to COVID-19, recruitment efforts and employment opportunities fell sharply last year. However, the technology industry has proven to be more resilient ...
00:10:13

Phishing emails: How to recognize them and how to protect yourself?

https://www.youtube.com/watch?v=iME-CzlKVzc Το phishing είναι ίσως η μεγαλύτερη απειλή στον κυβερνοχώρο εδώ και περισσότερα από πέντε χρόνια. Γι΄...