TikTok has fixed a security vulnerability in its Android app that could lead to account hijacking
TikTok has patched four security flaws in its Android app that could lead to the hijacking of user accounts, according to the international media outlet TechCrunch. Oversecured discovered the vulnerabilities, which could allow malicious apps on the same device to steal confidential files, such as session tokens, from inside the TikTok app. Session tokens are small files that keep users logged in without entering a password. If stolen, these tokens allow an attacker to access the user's account without needing a password.
A malicious application exploits this vulnerability by inserting a malicious file into the TikTok app. Once the user opens the app, the malicious file is triggered, allowing the malicious application to access the session token and silently send it in the background to the attacker's server.
Oversecured founder Sergey Toshin told TechCrunch that the malicious app can also hijack TikTok's app permissions, giving it access to the camera, microphone, and private data on the device, such as images and videos. The company has published technical details of the vulnerability on its website.
TikTok said it patched the vulnerabilities earlier this year, after Oversecured reported them.