TikTok Pwned… Big Name Accounts Hacked
TikTok has been pwned via a zero day related to opening direct messages. That’s bad. But it gets worse:
According to the report, the bad actors behind these attacks are transmitting malware through DMs on the popular social media app. Distressingly, the malware does not require the victim to download any software or click on a malicious link. Apparently, all you have to do to potentially infect your device is open a DM with the malware present.
This is seemingly connected to a separate report from Semafor, which noted on Sunday that a hacker broke into CNN’s TikTok account last week, prompting the news organization to take the account down. While some CNN staffers told Semafor that the team had been lax with its digital safety practices, one network source added that the breach came from outside of the company. It’s entirely possible that a staffer opened one of the malicious DMs.
A CNN spokesperson told Semafor that the company is “working with TikTok on the backend on additional cybersecurity measures” to ensure that their account is secure during the presidential debates and other noteworthy events in the coming weeks. At the time of writing, the main CNN TikTok account is still unavailable on the platform.
Apparently other TikTok accounts have been pwned as well. What makes this worse is that anyone can be a victim of this attack. That’s not good. Ted Miracco, CEO of Approov, had this to say:
“The TikTok security issue serves as a crucial wake-up call about the vulnerabilities present in apps from official stores. It highlights the need for greater transparency, cooperation, and the adoption of advanced security measures to protect users. Many users believe that apps available on official app stores are inherently safe. This perception is perpetuated by the rigorous app review processes that Google and Apple claim to implement. However, the reality is that even apps from these stores are not immune to zero-day vulnerabilities and sophisticated attacks.
“Zero-day vulnerabilities, by definition, are previously unknown flaws that can be exploited before the developer has a chance to address them. The presence of such vulnerabilities in popular apps like TikTok is alarming. It indicates that even the most widely used and scrutinized apps can have hidden security flaws, putting millions of users at risk.
“To build a more secure app ecosystem, transparency is key, and independence from Google and Apple controlling the release process. Developers need to control the process, and users need to be informed about the security measures taken by app developers and the potential risks associated with using certain apps. Furthermore, the industry must move towards open standards and greater cooperation among stakeholders. By addressing these challenges, we can work towards a safer and more secure app ecosystem.”
This is likely the last thing that TikTok needs. Hopefully they are completely transparent about what’s going on here and how they plan on addressing this. Otherwise this will add to their problems.
This entry was posted on June 6, 2024 at 8:13 am and is filed under Commentary with tags TikTok. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.