Over 1 billion TikTok Users Are At Risk Of ‘1-Click Account Hijacking’
The Microsoft Defender Research Team has found a bug in the TikTok android app. They revealed that over 1 billion TikTok users are at risk of ‘one-click account hijacking.’
According to Microsoft, a high-severity flaw in the TikTok Android app could have made it possible for accounts to be taken over “with a single click.”
The business revealed that a series of problems might have been exploited to create a scenario where an account could have been compromised with just one click on a specially crafted link in a paper posted to the Microsoft Security blog.
Then, according to Microsoft, “attackers might have accessed and edited users’ TikTok accounts and sensitive information, like by making public-private movies, sending texts, and uploading videos on users’ behalf.”
The versions of the TikTok Android app, which have been downloaded more than 1.5 billion times overall, allegedly have the aforementioned vulnerability.
The problem stemmed from the app’s use of JavaScript interfaces, which are prevalent across TikTok for Android.
The study delves into the technical details, but in short, Microsoft was able to show an account compromise by taking advantage of the way the app handled JavaScript APIs in conjunction with the way Android routed URLs.
Fortunately, the investigators did not find any evidence that the vulnerability had been used in the wild; the problem was quickly fixed once it was made public back in February.
Microsoft believes that the TikTok security team deserves praise for how quickly and effectively it responded to the situation.
Although the bulk of TikTok users will already have access to the patch, worried users can make sure they are secured by updating their app to the most recent version.