Update TikTok now, unless you want to be hacked

TikTok logo displayed on an iPhone.
(Image credit: XanderSt/Shutterstock)

Hey, kids of the world -- update your TikTok apps! 

That's because older versions of the Chinese-made video-sharing app, insanely popular with teenagers, can be exploited to alter accounts, delete or add videos, or reveal private videos or even personal information.

Researchers from Israeli cybersecurity firm Check Point detailed the flaws in a long research paper released today (Jan. 8). Not to go too far into detail, but the TikTok website had a number of flaws that let attackers send malicious SMS texts to mobile phones, force the TikTok app on user phones to open malicious web pages, and even delete and add videos to user accounts.

The Check Point researchers dissected the effect of malicious activity on the Android TikTok app and not the iOS one, but because many of the problems were on the TikTok server side and not on the user client side, most of these flaws can be exploited on either mobile platform. 

Fortunately, all the flaws have been fixed in recent app updates. 

"Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app," said TikTok security team member Luke Deshotels in a joint statement with Check Point. "We hope that this successful resolution will encourage future collaboration with security researchers."

As of this writing, the latest versions of TikTok are 14.4.0 on iOS and 14.4.11 on Android.

TikTok has been banned from the smartphones of most active-duty U.S. service members, but that's because the U.S. government sees the app as a Chinese military threat, not because of lax website security. (As far as social-networking apps go, TikTok protects your privacy pretty well.) More than a billion people worldwide have installed either the TikTok app or its China-only sister app Douyin. 

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.