A ‘high severity’ TikTok vulnerability allowed one-click account hijacking

  • admin
  • August 31, 2022
  • 4:01 pm

Updated: August 31, 2022


A vulnerability in the TikTok app for Android could have let attackers take over any account that clicked on a malicious link, potentially affecting hundreds of millions of users of the platform.

Details of the one-click exploit were revealed today in a blog post from researchers on Microsoft’s 365 Defender Research Team. The vulnerability was disclosed to TikTok by Microsoft, and has since been patched.

The bug and its resulting attack, labelled a “high severity vulnerability,” could have been used to hijack the account of any TikTok user on Android without their knowledge, once they clicked on a specially crafted link. After the link was clicked, the attacker would have access to all primary functions of the account, including the ability to upload and post videos, send messages to other users, and view private videos stored in the account.

The potential impact was huge, as it affected all global variants of the Android TikTok app, which has a total of more than 1.5 billion downloads on the Google Play Store. However, there’s no evidence it was exploited at scale. Researchers involved with the discovery and disclosure praised TikTok for a quick response.

“We gave them information about the vulnerability and collaborated to help fix this issue,” Tanmay Ganacharya, partner director for security research at Microsoft Defender for Endpoint, told The Verge. “TikTok responded quickly, and we commend the efficient and professional resolution from the security team.”

According to details published in the blog post, the vulnerability affected the deep link functionality of the Android app. Deep links let an app register with the operating system to handle certain URLs itself, so that a link opens a specific screen inside the app rather than a web page, for example opening the Twitter app to follow a user after clicking an HTML “Follow this account” button embedded in a webpage.

The app's link handling also includes a verification step that is meant to restrict what a loaded link is allowed to do inside the app. But the researchers found a way to bypass this verification and reach a number of potentially weaponizable in-app functions from a link they controlled.

One of these functions let them retrieve an authentication token tied to a certain user account, effectively granting account access without the need to enter a password. In a proof-of-concept attack, the researchers crafted a malicious link that, when clicked, changed a TikTok account’s bio to read “SECURITY BREACH.”
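The article does not describe how TikTok's verification was bypassed, so the following is an added illustration of the general pattern rather than TikTok's code: a deep-link handler that gates privileged in-app functions (such as returning an authentication token) behind a check on the link's host. The naive check matches the trusted name as a substring of the raw URL, which is the kind of check that lets attacker-controlled links through; the strict one parses the URL and requires an exact host from an allowlist over `https`. The allowlist, the bridge method names, and the sample links are assumptions made up for the example.

```python
"""Deep-link host verification: a naive check beside a strict one.

Added illustration, not TikTok's code. The allowlist, URLs and bridge
method names below are assumptions chosen for the example.
"""
from urllib.parse import urlsplit

# Assumed allowlist of hosts whose pages may reach privileged in-app functions.
TRUSTED_HOSTS = frozenset({"app.trusted.example", "m.trusted.example"})

# Assumed in-app functions a loaded page could invoke through a JavaScript bridge.
PUBLIC_BRIDGE = frozenset({"open_profile", "share"})
PRIVILEGED_BRIDGE = frozenset({"get_auth_token", "set_bio", "upload_video"})


def is_trusted_naive(url: str) -> bool:
    """Substring match on the raw string: easy to write, easy to bypass."""
    return "trusted.example" in url


def is_trusted_strict(url: str) -> bool:
    """Parse the URL and compare the exact host against the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = parts.hostname  # lowercased; userinfo, port and brackets stripped
    if host is None:
        return False
    # Exact match only: an endswith() check would accept attacker-trusted.example.
    return host in TRUSTED_HOSTS


def bridge_methods_for(url: str, checker) -> frozenset:
    """Methods the page at `url` may invoke, under the given verification function."""
    if checker(url):
        return PUBLIC_BRIDGE | PRIVILEGED_BRIDGE
    return PUBLIC_BRIDGE


# Constructed inputs: one legitimate deep link, and four attacker-controlled
# links that each contain the trusted name somewhere other than the host.
LEGIT = "https://m.trusted.example/profile?user=alice"
ATTACKER_LINKS = [
    "https://attacker.example/?next=m.trusted.example",  # trusted name in the query
    "https://m.trusted.example.attacker.example/",        # trusted name as a prefix label
    "https://m.trusted.example@attacker.example/",        # trusted name in the userinfo
    "http://m.trusted.example/",                          # right host, plaintext scheme
]


def audit() -> dict:
    """Which attacker links reach the privileged bridge under each checker."""
    return {
        "naive": [u for u in ATTACKER_LINKS
                  if "get_auth_token" in bridge_methods_for(u, is_trusted_naive)],
        "strict": [u for u in ATTACKER_LINKS
                   if "get_auth_token" in bridge_methods_for(u, is_trusted_strict)],
    }


if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name}: {len(hits)} attacker link(s) reach the privileged bridge")
        for u in hits:
            print("   ", u)
```

In an Android app the equivalent decision is made when the Activity receives the link's Intent, before the URL is handed to a WebView or similar component; whatever the check looks like, the point the proof-of-concept illustrates is that a link that passes it gets the same in-app privileges as the app's own pages, including any function that hands back the session's credential.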

Fortunately, the vulnerability was detected, and Microsoft has used the opportunity to stress the importance of collaboration and coordination between technology platforms and vendors.

“As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use,” wrote Microsoft’s Dimitrios Valsamaras in the blog post. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.”

Although the TikTok app is not known to have suffered any major hacks so far, some critics have branded it a security risk for other reasons.

Recently, concerns have been raised over the extent to which US users’ data can be accessed by China-based engineers at ByteDance, TikTok’s parent company. In July, Senate Intelligence Committee leaders called on FTC chair Lina Khan to investigate TikTok after reports brought into question claims that US users’ data was walled off from the Chinese branch of the company.

TikTok had not responded to questions from The Verge by time of publication.

© 2022 Topnftguide. All Rights Reserved.