Microsoft finds TikTok flaw that could lead to user accounts being compromised

 

Microsoft finds TikTok flaw that could lead to user accounts being compromised
Microsoft finds TikTok flaw that could lead to user accounts being compromised

Microsoft has recently discovered a flaw in TikTok, an app used to share short video clips with friends and family across various social media platforms.

Microsoft finds TikTok flaw that could lead to user accounts being compromised

According to an announcement released yesterday by the Microsoft Security Response Center (MSRC), the vulnerability allows unauthorised users to reset account passwords, meaning that once an attacker has taken control of your account they will be able to access your personal information and use it for malicious purposes such as identity theft or phishing attacks. How can this happen?


What is a software vulnerability?

  1. A software vulnerability is a coding error in the source code of an application, which could be exploited by hackers to gain control over your computer or device. 
  2. This usually means they can read your data or encrypt it and ask for a ransom, but this differs from attack to attack.
  3. There are also known cases where vulnerabilities have been used for creating botnets (a type of distributed denial-of-service). These attacks are often invisible, as antivirus won't detect them.
  4. To avoid these security issues with social media apps, disable auto-signing into the app via third party apps such as Facebook Connect. 
  5. This advice applies not only to TikTok but any other app you use with third party login functionality enabled. 
  6. Alternatively, keep your account details safe by enabling two-factor authentication on all accounts connected to social media apps and browsers - if you don't know what two factor authentication is, here's how it works. 
  7. Once you set up two factor authentication on one account using your phone number or email address, every time you log in to another service using Google Authenticator (or another supported app), you'll need either a unique password or verification code sent via text message before logging in successfully.


Details on the new bug

  • The latest cybersecurity concern involves a security risk with the new TikTok social media app. According to Microsoft, some of the application's files were encrypted improperly and can be read by anyone who knows how to exploit them.
  • At this time, Microsoft is not aware of any exploitation of these vulnerabilities and is monitoring usage data. This vulnerability only applies if the application is downloaded directly from an unsafe source rather than through Google Play Store.
  • There are no signs that this vulnerability has been exploited thus far in this way, but users are advised not to download apps from third-party sources on their phones or tablets for additional safety precautions.
  • To avoid malware infections, do not enter passwords into any pop-up boxes after installing an app. Be sure to regularly update your phone and its operating system.


How it works (high level)

  • The flaw, as Microsoft puts it, involves a persistent installation of an app on the Android phone after the user has uninstalled it. By creating fake error messages, hackers are able to convince the phone's operating system that the app is still installed.
  • This trick enables them to access information such as photos and text messages. To overcome this security issue and install malicious software on someone's phone, all hackers need is physical access to their device for as little as 30 seconds.
  • Once installed, they can take control of the victim's phone by using certain techniques to avoid detection from the other apps on the device. In addition, because most people use predictable passwords or PINs, they're easily hacked through brute-force attacks in which computer programs guess every possible combination until they find one that works.
  • However, there are ways to protect yourself against this vulnerability: you can turn off notifications from your Instagram account so as not to be alerted when new comments appear; change your password often and always use strong passwords; and turn off AutoFill so that sensitive data like your bank account numbers are not automatically entered into apps or forms while completing transactions online.


Can you protect yourself?

Many people these days use their phone to access social media and their emails. There are two steps you can take in order to protect yourself. One is to create unique passwords for your various social media accounts and store them in a secure place. The second is if you use the same password on your device and other sites, make sure you use a strong one.

A strong password includes uppercase letters, lowercase letters, numbers and symbols. You should also change your passwords regularly to keep up with security measures that may be added by a company or website. In addition, you should set limits on how many times a day someone can try to get into your account. For example, if someone tries 10 times in an hour, they’ll be locked out of the account for 30 minutes before they can try again. 

As always it's important to stay safe online so remember: create unique passwords and change them often!

SOURCE : Yasoquiz




Reading Mode :
Font Size
+
16
-
lines height
+
2
-