CounterPoint Research has detailed a bug buried inside TikTok, the popular China-based short-video messaging platform, which could let bad actors take over your account. They could do so just by sending an SMS text, using a technique called SMS Link Spoofing.
Through SMS Link Spoofing, hackers could send TikTok users text messages that appear to come from the company.
On top of SMS Link Spoofing, there were also other security flaws, such as open redirection and cross-site scripting (XSS), that could be combined to take over an account.
The bugs could let attackers:
- Get hold of TikTok accounts and manipulate their content
- Delete videos
- Upload unauthorized videos
- Make private “hidden” videos public
- Reveal personal information saved on the account such as private email addresses
However, the company’s security team reported that no user data was compromised.