Date: 2021-01-26

A critical vulnerability detected in the social network TikTok allowed access to user data such as phone number, name, profile picture, avatar or even profile settings, researchers from Check Point Research revealed.

TikTok is one of the most popular social applications today, with more than 1 billion users in more than 150 countries around the world. The vulnerability is located in the “Find friends” feature, Check Point noted.

Through the flaw, a cybercriminal could access the user’s profile information (phone number, name, profile picture, avatar, unique identifiers, and profile settings), allowing the creation of a database that could later be used for malicious activities.

According to experts from the Israeli computer security firm, the cybercriminal could create a list of devices (device IDs) to be used to query TikTok's servers, or create a list of session tokens (each session token is valid for 60 days) to be used for the same purpose.

The attacker could also bypass TikTok’s HTTP message signing mechanism by using their own signature service running in the background, or put all these elements together to modify and re-sign HTTP requests and use various session tokens and device IDs to bypass TikTok’s protection mechanisms.
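A server-side check for the abuse pattern described above, as an added example that is not from Check Point or TikTok: it scans contact-sync request logs for a source that rotates device IDs or session tokens, or submits an unusually large number of contacts, within a short window. The log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of contact-sync request logs (format is an assumption):
# ISO timestamp, source IP, device ID, session token ID, contacts submitted
SAMPLE_LOG = """\
2021-01-26T10:00:00 198.51.100.7 dev-a1 tok-01 500
2021-01-26T10:00:20 198.51.100.7 dev-a2 tok-02 500
2021-01-26T10:00:40 198.51.100.7 dev-a3 tok-03 500
2021-01-26T10:01:00 198.51.100.7 dev-a4 tok-04 500
2021-01-26T10:02:00 203.0.113.9 dev-b1 tok-09 120
2021-01-26T10:30:00 203.0.113.9 dev-b1 tok-09 3
"""

def parse(line):
    ts, ip, device, token, count = line.split()
    return datetime.fromisoformat(ts), ip, device, token, int(count)

def find_enumeration(log_text, window=timedelta(minutes=10),
                     max_devices=3, max_tokens=3, max_contacts=1000):
    """Return {source_ip: reasons} for sources exceeding a limit in a sliding window."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, device, token, count = parse(line)
            by_ip[ip].append((ts, device, token, count))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start, reasons = 0, set()
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            if len({e[1] for e in span}) > max_devices:
                reasons.add("device_id rotation")
            if len({e[2] for e in span}) > max_tokens:
                reasons.add("session token rotation")
            if sum(e[3] for e in span) > max_contacts:
                reasons.add("bulk contact lookups")
        if reasons:
            alerts[ip] = sorted(reasons)
    return alerts

if __name__ == "__main__":
    for ip, reasons in find_enumeration(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```

Grouping by source IP is a simplification; a production rule would also correlate on other signals, since a determined client can spread requests across addresses.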

In this regard, Check Point said in a statement that it shared its discovery with ByteDance, the company responsible for TikTok, which was targeted during the administration of Donald Trump as a threat to the national security of the United States.

TikTok, in the sights of Italy

The funeral of Antonella Sicomoro, 10, who died after performing a viral challenge on TikTok. Photo: DPA

The Israeli firm’s finding comes amid Italy’s request for age restrictions to be stepped up following the death of 10-year-old Antonella Sicomoro in a viral challenge called the “Black Out Challenge.”

Italy’s data protection watchdog recently ordered the social network TikTok to intensify controls on accounts, after the minor apparently died from participating in one of the viral challenges circulating on the platform.

The girl put a belt around her neck and squeezed to participate in the “Black Out Challenge”, an extreme choking challenge in which participants try to hold on as long as possible without breathing. The Italian authorities have opened a file for “incitement to suicide” on the platform.

The family of the 10-year-old girl found her, after which she was rushed to the hospital, where the doctors could do nothing for her and declared her brain dead.

“The safety of the TikTok community is our highest priority, we are at the disposal of the competent authorities to cooperate in their investigations,” said the company.

With information from DPA