Jan 8, 2020

Report details TikTok security vulnerabilities in 2019

Illustration: Aïda Amer/Axios

TikTok patched multiple holes in its security at the end of 2019 that had left the video sharing app's accounts, videos and user information potentially exposed for most of the year, as detailed in a new report from cybersecurity research firm CheckPoint.

Why it matters: No personal data was found to be compromised, but this report provides some of the first in-depth details of security risks faced by TikTok — which is under the microscope as lawmakers criticize its Chinese ownership.

  • "We did prove that it was possible for a hacker to actually gain sensitive information," CheckPoint's Ekram Ahmed said, adding that the company has not yet found specific evidence of personal data breaches.

The big picture: TikTok's exposure depended on vulnerabilities in SMS text messaging that have confounded many other social media platforms and mobile services.

Details: CheckPoint found that attackers could delete a user's videos, create a video from a user's account, make private videos public, and scrape a user's sensitive information — like their email address, payment information or birthday.

  • TikTok implemented fixes for these issues within 30 days of CheckPoint alerting the app in late November, spokespeople for both companies told Axios.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
— Luke Deshotels, TikTok Security Team

Go deeper: TikTok's rise lands it in critics' crosshairs

Go deeper

TikTok expands content rules, cracks down on misinformation

Photo: Chesnot/Getty Images

TikTok on Wednesday published a lengthy update to its rules of conduct, sharpening its definition of unacceptable content and its stance toward misinformation.

Why it matters: The move is an acknowledgment that TikTok's previous standards did not adequately address the onslaught of content-related issues that the video-sharing platform is starting to face as it grows.

Go deeperArrowJan 8, 2020

Lawmakers offer bipartisan update to children's online privacy law

Reps. Bobby Rush (L) and Tim Walberg. Photos: Alex Wong/Getty Images; Bill Clark/CQ Roll Call.

House lawmakers are introducing a bipartisan bill Thursday to update a long-standing children's online privacy law so that parents could force companies to delete personal information collected about their kids.

Go deeperArrowJan 9, 2020

Tech platforms struggle to police deepfakes

Illustration: Aïda Amer/Axios

Facebook, TikTok and Reddit all updated their policies on misinformation this week, suggesting that tech platforms are feeling increased pressure to stop manipulation attempts ahead of the 2020 elections.

Why it matters: This is the first time that several social media giants are taking a hard line specifically on banning deepfake content — typically video or audio that's manipulated using artificial intelligence (AI) or machine learning to intentionally deceive users.