Breaking News Emails
An Israeli research team has identified several security flaws with the short-form video app TikTok, which allowed hackers to upload or delete user videos and access personal user information, according to a report released Wednesday morning.
Check Point Research, a cyberthreat intelligence research team in Israel, found that hackers could have used malicious links to manipulate the content that users uploaded to the app. The researchers were also able to access user information, such as names, email addresses and birthdays.
The researchers were able to manipulate the link sent to TikTok users by text message when they set up an account with the app.
If a user clicked the malicious link, a hacker would be able to perform unwanted actions, such as uploading videos or deleting videos on an account.
"Furthermore, Check Point researchers learned that a hacker can force a TikTok user onto a web server controlled by the hacker, making it possible for the attacker to send unwanted requests on behalf of the user," the research team said in a press release.
In a press release by Check Point, researchers said that they made TikTok aware of the vulnerabilities in late November 2019, and "a solution was responsibly deployed within a month to ensure TikTok users can safely continue to use the application."
On Wednesday, TikTok released new community guidelines, providing guidance on what would and wouldn't be allowed on the platform.
"We do not allow dangerous individuals or organizations to use our platform to promote terrorism, crime, or other types of behavior that could cause harm," the new guidelines state. "When there is a credible threat to public safety, we handle the issue by banning the account and cooperating with relevant legal authorities."
The guidelines state the types of content that are not allowed on the platform, including hate groups, violent extremist organizations and homicide.
It also stated illegal activities, like assault and kidnapping regulated goods, like the sale of firearms, would not be allowed on the platform.
A TikTok spokesperson told NBC News via email that the new guidelines were not in response to the Check Point report.
The report comes as TikTok has recently come under scrutiny for its security practices. Last month, the U.S. Army banned the app from all government-owned phones, at the guidance of the Pentagon. The move followed the Navy, which also banned the app.
The app, owned by Chinese-based tech company ByteDance, was previously scrutinized in October when Sens. Chuck Schumer, D-N.Y., and Tom Cotton, R-Ark., sent a letter to acting Director of National Intelligence Joseph Maguire asking him to assess TikTok and other China-based companies for potential security risks.
A risk assessment of the app was later said to have been opened by the U.S. government.
In a statement given to Check Point Research, TikTok said security was a top priority for the app.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers," Luke Deshotels, of TikTok's security team, said.
In an email, TikTok sent the same quote from Deshotels to NBC News, but added: "Following a review of customer support records, we can confirm that we have not seen any patterns that would indicate an attack or breach occurred."