According to The Verge, cybersecurity experts at Check Point Research have detected “multiple vulnerabilities” within video sharing app TikTok. These flaws demonstrated the social media app’s insecurity. This adds to the additional scrutiny that the Chinese-owned company has come under, in relation to data and privacy matters.
These concerns, CBC reports, have led some U.S. politicians to take the view that TikTok (owned by ByteDance), represents a national security threat.
One of the flaws is through the TikTok website, which allows users to send a text message to themselves containing a link to download its app on their devices. This, CISO Mag says, could lead to user data exploitation for malicious purposes.
To understand more, Digital Journal spoke with Executive Director Greg Wendt of Appsian. Wendt sets out why identity theft is especially concerning for mobile apps and why traditional login credentials are no longer effective.
According to Wednt, all social media remains at risk from hacking: “As long as its economically viable to steal identities – hackers will constantly look to evolve their tactics.”
However, some platforms are more at risk than others, such as TikTok: “This is especially troubling with mobile apps, where users are conditioned to receive notifications and alerts via SMS. If a hacker has your phone number, they essentially have a highly effective channel for corrupting your credentials (for a multitude of apps.)”
In terms of what actions should be taken, the correction requires a better understanding of use preferences, as Wednt explains: “Organizations must understand that in a connected, global economy – a person’s identity is ultimately the perimeter of an application. Usernames and passwords as a primary authentication model are not effective and additional authentication measures must be implemented – especially if access is coming from an unusual location.”
