Attention Tik Tokers! Your videos are viral in more ways than expected

Researchers show how hackers can intrude into Tik Tok accounts with the help of a simple SMS.

Now-a-days talent goes places very easily.

So does the perils of the same.

Hidden vulnerabilities in popular platforms of the virtual variety spare none, not even the most innocent netizen.

Tik Tok, the name which ticks off a thousand notes in a million minds is no longer safe.

It is globally the 3rd most frequently downloaded video sharing application of Chinese origin which is under serious safety scrutiny. The dangers of unchecked access to it have spread its wings consuming its popularity as an efficient audio visual application.

It is being examined for various causes including objectionable political content, possibilities of endangering national security, privacy of its users and that of the content that is being posted on it.

Such is the condition of app's privacy quotient that remote hackers can manipulate any user's account on Tik Tok by just using a data as simple as the respective user's mobile number as reported by cyber security researchers At the IT research firm Check Point. It has further reported that ‘chaining multiple vulnerabilities' allowed them to remotely execute malicious code and conduct unparliamentarily activities on behalf of the account holder without their notice.

The bugs that have jeopardized TikTok's consumer credentials are low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when culminated could cause a malicious hacker to strike a forceful hacking attack like

• deleting any videos from victims' TikTok profile,
• uploading unauthorized videos to victims' TikTok profile,
• making private "hidden" videos public,
• Revealing personal information saved on the account, such as private addresses and emails.

Such an attack is fuelled by a vulnerable SMS system that TikTok offers on its website to let users send a message to their phone number with a link to download the video-sharing application.

According to the researchers, an attacker can send an SMS message to any phone number on behalf of TikTok with a modified URL downloaded to a malicious page designed to execute a code on a targeted device with already installed TikTok app.

When coupled with open redirection and cross-site scripting issues, the hacking onslaught could allow hackers to execute JavaScript code on behalf of victims as soon as they click the link sent by TikTok server over SMS.

The modus operandi is commonly known as cross-site request forgery attack, in which hackers cajole real users into conducting a malicious action.

"With the lack of anti-Cross-Site request forgery mechanism, we realized that we could execute JavaScript code and perform actions on behalf of the victim, without his/her consent," the researchers said in a blog post.

"Redirecting the user to a malicious website will execute JavaScript code and make requests to Tiktok with the victims' cookies."

Check Point submitted their research report to ByteDance, the developer of TikTok, in late November 2019, who then released a patched edition of its mobile app within a month to safeguard its users from attackers.

So do download the patched up TikTok app from the app stores of Android and iOS to make your Tik Tok experience a happy and hacking free one.

There are various academic courses on ethical hacking like the CEHv10.0 offered at ISOEH, the most trusted academic institute of latest skill development curriculum on ethical hacking, which can help users as well as professionals fight the hacking menace in the digital world of today's.

Should we abstain from being too virtual in order to avoid intrusion on our privacy?

What is the way to keep a layman's life safe from the predators in the world wide web?

Let us know once you read this write up.