Controls prevent phone fraudsters spoofing HMRC
The tax authority has put an end to fraudster’s mimicking its most recognisable helpline numbers to dupe taxpayers and steal money.
Security flaws on the TikTok video-sharing platform, that could have let hackers add or delete videos, change privacy settings and steal personal data, have been fixed after they were highlighted to developer ByteDance.
Researchers at security firm Check Point found multiple issues, all ripe for exploitation by hackers. It informed ByteDance of the problems in November.
TikTok said they were fixed and thanked the security firm for alerting them.
"Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us," it said in a statement.
"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers."
A zero-day vulnerability refers to a security flaw that has not been previously disclosed.
Check Point added that the vulnerability was in place for most of 2019, and said this raised "serious questions" about whether any hacker had discovered it.
It said that ByteDance had "responsibly deployed" a solution within a month of it being told about the problem.
Much of the issue lay in the way that TikTok handled users' mobile phone numbers, which people must provide when they register for the app.
Check Point discovered that hackers could access these numbers and send texts on behalf of TikTok. In turn that allowed a hacker to:
Last week the US military told its personnel not to use the Chinese-owned app on government-issued phones, because of security concerns and fears over possible links to the Chinese government.
Initially popular in Asian countries, the short video creation platform has experienced huge growth in recent years and now has 1.5 billion downloads.