Amidst the steady stream of data breaches, another one makes the headlines! Microsoft on Wednesday disclosed that it had found a high-severity flaw in the Android version of the TikTok app that could let attackers hijack a user's account with one single click.
The issue had reportedly been disclosed to TikTok back in February and was quickly fixed before it could be exploited. Had it not been caught in time, the bug would have affected the Android TikTok app, which has around 1.5 billion installations on Google Play.
"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link."
"Attackers could have then accessed and modified users' TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users," Dimitrios Valsamaras of the Microsoft 365 Defender Research Team stated in the official Microsoft post addressing the issue.
These exposed methods could help threat actors access users' private information and videos and modify them. By invoking such methods, an attacker can:
- Retrieve the user's authentication tokens by triggering a request to an attacker-controlled server and logging the cookie and the request headers.
Remember the many times you've been reminded not to click unknown links, but sometimes you click them anyway, and suddenly everything goes haywire? Yes, that is what the fuss is all about!
The vulnerability is tracked as CVE-2022-28799 and stems from how the app implements deep link handling. The CVSS (Common Vulnerability Scoring System), an open framework for communicating the severity of a software vulnerability, gave this vulnerability a score of 8.3 (according to the Microsoft post).
A CVSS score of 8.3 falls in the High qualitative severity rating, meaning it needs to be addressed quickly!
Wondering why all it would take to compromise your app is one click?
Want To Protect Yourself Against Such Future Vulnerabilities?
Listed below are the go-to methods to ensure you have done all you can to protect yourself from these security threats.
1) Keeping Your App Up to Date:
The simplest way to protect yourself from such vulnerabilities is to keep your app up to date, which means making sure you have the latest version of the app installed on your mobile phone.
An app typically releases a new version only when it has added new features or fixed a bug. In either case, installing the latest version on your mobile phone is the wiser and more helpful choice.
2) Install the App From Official Sources:
Installing the app from an official source reassures you that it is the original version and the safest one at that.
When you download the app from untrustworthy sources, there is a high chance that it contains bugs or malware that could latch onto your phone and access your private files and information. Always install the app from an official source.
3) Reporting Strange Behavior:
Another way to protect yourself from such threats is to act when your app starts behaving strangely. Your first course of action should be to file an official complaint on the app's customer forum.
If the developers receive similar complaints from other users, it gives them an incentive to fix such issues for a better user experience.
These are a few measures you can take on your end to ensure that you, as a user, are protected.
Are the Apps Becoming More Vulnerable?
TikTok is only one of the many well-known apps facing such security issues lately.
With the pace of technological advancement in the world, you would think that such issues would be few and far between, but alas, they seem to come up more and more. And according to some sources, apps have lately become more vulnerable to such attacks!