The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: TikTok

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

June 05, 2021Ravie Lakshmanan
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch , went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes. "We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection," the ByteDance-owned company  said  in a newly introduced section called "Image and Audio Information." On top of this, the company's privacy policy also notes that it may collect information about "the nature of the
TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

January 26, 2021Ravie Lakshmanan
Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News. TikTok has deployed a fix to address the shortcoming following responsible disclosure from Check Point researchers. The newly discovered bug resides in TikTok's " Find friends " feature that allows users to sync their contacts with the service to identify potential people to follow. The contacts are uploaded to TikTok via an HTTP request in the form of a list that consists of hashed contact names and the corresponding phone numbe
Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

July 11, 2020Ravie Lakshmanan
Following vulnerability disclosure in the Mitron app , another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores, designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature. Originally launched in November 2018, Chingari has witnessed a huge surge in popularity over the past few days in the wake of India's ban on Chinese-owned apps late last month, crossing 10 million downloads on the Google Play Store in under a month. The Indian government recently banned 59 apps and services , including ByteDance's TikTok, Alibaba Group's UC Browser and UC News, and Tencent's WeChat over priv
Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

May 30, 2020Mohit Kumar
Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a highly popular video social platform where people upload short videos of themselves doing things like lip-syncing and dancing. The wrath faced by Chinese-owned TikTok from all directions—mostly due to data security and ethnopolitical reasons—gave birth to new alternatives in the market, one of which is the Mitron app for Android. Mitron video social platform recently caught headlines when the Android app crazily gained over 5 million installations and 250,000 5-star ratings in just 48 days after being released on the Google Play Store. Popped out of nowhere, Mitron i
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

January 08, 2020Mohit Kumar
TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. In a report privately shared with The Hacker News, cybersecurity researchers at Check Point revealed that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent. The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including: delete any videos
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.