• Cybersecurity

    Researchers demonstrate how multiple TikTok account can be hacked by sending SMS.

    hacking tiktok account

    How multiple TikTok Accounts can be Hacked by SMS.

    TikTok, has been the the third most downloaded app in 2019, due to it's pleasing features, a lot of people have been using the app but of recent a malicious way of "hacking peoples" account has been discovered by Researchers, this could be done by sending a single message to it's target, this malicious and new way of "hacking TikTok users account" hasn't been blocked yet as millions of TikTok users account are under scrutiny.

    As we all know everyone loves to keep there details private and wouldn't love hackers intruding there privacy. A famous Chinese viral video has been released on how you can hack TikTok users account just by sending a simple text message.
    In report published by a Cyber Security group, through checkpoint it was discovered this attack able to hijack multiple users information without there consent.

    The reported vulnerabilities found indicates that the exploit includes, SMS link spoofing, open redirection an cross-site scripting (XSS) when this is combined it is able to allow the exploit to perform the following attack without the users consent.
    • Deleting an Vidoes from TikTok users profile.
    • Uploading of unauthorized vidoes or content to blackmail or deface user.
    • Releasing of private contents of TikTok users public.
    • Releasing of private videos made private to the public.
    Not so long that Three andriod apps with vulnerabilities was discovered, this new system of attack is able to leverage an insecure SMS system that the TikTok offers on it's website and its enables users to send messages to there phone and also enable them to do video-sharing, this attack exploit on it's application via this message sending.

    According to Researcher, an attacker can send an SMS to any Phone Number on behalf of TikTok, using a modified download URL, designed but it's a malicious page meant to execute and exploit their target, when this attack is combined with pen redirection and cross-scripting issues, the attack could allow hackers to execute JavaScript codes, on behalf of victim, as soon they click the TikTok link sent over sever as shown in the demonstration video above, the hacker gain access into there account, this technique is known as Cross-Site request forgery attack, thus the hacker trick the TikTok user to click on a malicious link.
    tiktok account hacking

    Due to lack of anti-Cross-Site request forgery mechanism, we realized we can run JavaScript code and perform actions on behalf of the victim without there consent," as said by the researchers in blog post published today.
    JavaScript code on how to hack TikTok

    "Redirecting a TikTok user to a malicious website which will make them execute codes and make request with the users cookies.
    Checkpoint had reported this vulnerability to TikTok security branch in November last month and within a month a patch was found for it. So if you are using an Old version of TikTok app please kindly update your app now.

    If you have anything to say please leave a comment for us below or follow our social media for latest updates on TCsecurity.