- Back Door Vulnerabilities
- Privacy Issues
- Security Review
This is an application that has over a billion users, BILLION. It has strong ties to China, it has known vulnerabilities, and there are questions over how it handles user data. And with this many users, the app is certainly ripe for hackers to take advantage of.
First up, let’s talk about these back door vulnerabilities. Check Point Research released a report in January 2020 about potential risks embedded within the application. Check Point uses a combination of open source data, its ThreatCloud network, and dark web intelligence to do their research, and they’re a well-known cybersecurity firm.
In their research, Check Point found that you could send a specially crafted SMS message to any phone number on behalf of TikTok. Why is this bad, you ask? A malicious actor could use this organically occurring feature of the application to generate a legitimate SMS message and send it to their victim of choice. The vulnerabilities present would allow attackers to do any one of the following:
- Obtain access to TikTok accounts to manipulate content
- Delete user videos
- Upload unauthorized videos
- Make private “hidden” videos public
- Reveal personal information saved on the account such as private email addresses
Check Point even released video of their attack methods here.
While the vulnerabilities weren’t easy enough for the average script-kiddie to go and implement, they were still a problem. Check Point informed TikTok of the vulnerabilities they found in November 2019, and TikTok addressed them in December 2019. The report was then released after notification was made and all reported issues were patched. I have not heard anything on whether or not these vulnerabilities are still present, but it at least gives you a small reason for concern.
The next concern is their handling of user data and privacy. TikTok has been in the news several times for how it handles personal data for all users, but especially its younger users, and how/if it prioritizes the safety of children on its social network.
In February 2019, the Federal Trade Commission fined Musical.ly a record $5.7 million for illegally collecting the personal information of children. An Indian court then banned TikTok for exposing children to sexual predators, pornographic content, and cyberbullying (full disclosure, this was later overturned after TikTok addressed the concerns). Last summer, BBC reported on young fans being exploited by influencers within the app; young fans would send money to an influencer for a chance at a personalized message or other reward. Some of these would go without response, but others complained that the app pushed the gifting feature too heavily.
And finally, we have the security review. In October, two senior senators, Chuck Schumer (D-NY) and Tom Cotton (R-AR) called for U.S. intelligence officials to investigate TikTok for any threats to national security it may pose. Their request, first reported in the Washington Post, prompted officials to investigate TikTok’s data collection practices and to determine whether the Chinese government had any say in what content Americans saw on the app. Senator Marco Rubio (R-FL) also wrote in a request to the Treasury Department’s Committee on Foreign Investment in the United States to conduct a full review on the potential national security risks posed by TikTok’s acquisition of Musical.ly.
Ultimately, TikTok is owned by ByteDance, a Chinese tech company. Could this be used for data surveillance and censorship by the Chinese government? So says Nick Frisch, a Yale graduate student in the New York Times. How much of the concern out there is due to the constant back-and-forth trade war between the United States and China? We don’t really know. Personally, I don’t use it, nor do I plan on using it. I have concerns about how it handles privacy. I also have concerns over potential cyber issues within the app itself.
There is a lot of really good reporting out there on the dangers of TikTok. Yes, they’ve done a lot to fix many of these mistakes, but they continue to get caught up in more drama. Is Facebook perfect? Absolutely not. Instagram? Definitely not. But I trust them just slightly more than TikTok. Maybe I’m paranoid, but maybe there is truth to it. I refused to use the FaceApp application that came out a while back because it was run by a Russian company. Data mining for future Artificial Intelligence opportunities? Who knows. We know that TikTok is leveraging AI to better understand its users and to craft an application specific to each user. We also know China is always trying to collect information on the United States and anyone else they can get their hands on. What makes this any different? China has quite a large foothold on the businesses that are run out of the country. You’re expecting me to believe they have zero say in how TikTok runs? False.
**This article is also available at http://www.allymarie.net/the-truth-about-tiktok/ **