High-Profile TikTok Accounts Hijacked via Zero-Click DM Exploit

Video-sharing platform TikTok has disclosed a security issue that attackers have exploited to hijack high-profile accounts on the platform.

The attack first came to light through reports from Semafor and Forbes, which described a zero-click account takeover technique: malware delivered through direct messages compromises celebrity and brand accounts without requiring any interaction from the targeted user.

How many users were affected remains unclear, though a TikTok spokesperson said the company has taken preventive measures to stop the attack and keep it from recurring.

TikTok also said it is working directly with the owners of the compromised accounts to restore access. The attack reportedly affected a “minuscule” fraction of users, but the company gave no details on the nature of the attack or on how it was remediated.

This is not the first security issue to surface in the widely used service. In January 2021, Check Point identified a flaw that could have allowed attackers to build a database of the app’s users and their phone numbers for later misuse.

Later, in September 2022, Microsoft found a one-click vulnerability in TikTok’s Android app that let attackers take over an account once the victim clicked a specially crafted link.

In addition, roughly 700,000 TikTok accounts in Turkey were compromised last year. That incident was attributed to the grey routing of SMS messages through insecure channels, which let attackers intercept one-time passwords, gain unauthorized access to accounts, and artificially inflate likes and followers.

Attackers have also abused TikTok’s Invisible Challenge to distribute information-stealing malware, illustrating their persistent efforts to spread malware through unconventional channels.

TikTok’s Chinese ownership has raised concerns that the app could be used to collect sensitive information on American users and to spread propaganda. Those concerns led to legislation that would ban the app in the U.S. unless it severs ties with ByteDance.

The company has since filed a lawsuit in the U.S. challenging the legislation, arguing that it represents an “extraordinary encroachment on free speech rights” and that the U.S. government’s rationale rests on “speculative apprehensions.”

India, Nepal, Senegal, Somalia, and Kyrgyzstan have already banned TikTok outright. Several other countries, including the U.S., U.K., Canada, Australia, and New Zealand, have barred the app from government devices.
