It’s so easy to get your TikTok account stolen due to a bug in the app

Your TikTok account could be compromised due to a bug in the popular social network's Android app

There is a risk of your TikTok account being stolen without you even noticing. Researchers at Microsoft found a serious vulnerability in the TikTok app for Android (in principle, the iPhone version of TikTok is not affected) that would allow attackers to steal a user's account with a single click.

To carry out the attack, it was only necessary to send the victim a link. This link is specifically crafted to steal the user's account, giving the attacker access to the user's personal profile and all of its content, along with full control over the account.

Fortunately, Microsoft reports that the flaw has already been fixed by the TikTok development team, and it found no evidence that the vulnerability was exploited to steal accounts.

Attackers could steal TikTok accounts with a simple link

As the researchers showed, the vulnerability affects two versions of the TikTok app for Android: the one aimed at the Asian market and the one distributed in the rest of the world.

Counting only the downloads of the app aimed at the global market, there are more than 1.5 billion installations worldwide, according to the figures provided by Google Play. Since the Play Store is not available in China, the number of downloads of the app aimed at that market is not entirely clear, but it is very likely well over the billion mark.

The vulnerability was discovered in February of this year, and shortly afterwards TikTok was notified so it could fix the bug and protect users. The vulnerability was assigned the identifier CVE-2022-28799.

As the researchers explain, the vulnerability affected all versions of the TikTok app before 23.7.3. The attack involved creating a personalized URL for each user which, when opened via Android WebView, would load any website, allowing the attacker to take over the account through a JavaScript interface. The technical analysis of the vulnerability is available on Microsoft's website.

It was enough for the user to click on the URL. Although nothing visibly happened, in the background the attacker obtained the access token for the account and could view or change the user's account details, including private videos and profile settings.
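As an added illustration (not TikTok's code and not taken from Microsoft's analysis) of the kind of gate that keeps a URL carried in a deep link from ever reaching a WebView that exposes a JavaScript bridge: the allowlisted hostnames are placeholders, and the Android wiring is described only in comments so the class runs with a plain JDK.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Added example: validate a URL taken from a deep link before handing it to
 * a WebView on which addJavascriptInterface() has been called. Anything the
 * gate rejects should open in the system browser (no bridge) or be dropped.
 */
public final class DeepLinkGate {

    // Hypothetical first-party hosts; matched exactly, never by suffix.
    private static final Set<String> TRUSTED_HOSTS = Set.of(
            "www.example-app.com",
            "m.example-app.com");

    /** Returns true only if the URL may be loaded in the privileged WebView. */
    public static boolean isTrusted(String raw) {
        if (raw == null) return false;
        final URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false; // unparsable input is rejected, not "repaired"
        }
        // Only https: a plain-http page could be altered in transit.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // Reject userinfo ("https://trusted@other.example") and explicit ports.
        if (uri.getRawUserInfo() != null || uri.getPort() != -1) return false;
        String host = uri.getHost();
        if (host == null) return false;
        // Exact, case-folded match: "www.example-app.com.other.example" fails.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed inputs: the first two pass, every other one is rejected.
        String[] samples = {
            "https://www.example-app.com/profile?id=42",
            "HTTPS://M.EXAMPLE-APP.COM/",
            "http://www.example-app.com/",                  // http downgrade
            "https://www.example-app.com.other.example/",   // suffix lookalike
            "https://www.example-app.com@other.example/",   // userinfo trick
            "javascript:void(0)",                           // non-http scheme
            "https://other.example/?next=www.example-app.com"
        };
        for (String s : samples) {
            System.out.println((isTrusted(s) ? "LOAD   " : "REJECT ") + s);
        }
    }
}
```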

Although the vulnerability has already been fixed, it is very important to keep the TikTok app updated to the latest version on your Android device, all the more so now that the details of the flaw have been made public and attackers could try to access the accounts of users who are still running old versions of the app.