2020-01-22

On Jan. 8, cyber security company Check Point Software Technologies announced that its research had discovered serious security vulnerabilities with video messaging app TikTok. The research found that a hacker could send a spoofed SMS message to a TikTok user containing a malicious link which, if clicked, would enable the attacker to assume control of the user’s account, allowing the hacker to upload videos and make a user’s private videos public.

An additional security loophole exposed by Check Point’s researchers would allow a bad actor to retrieve personal information saved on user accounts. According to media reports, TikTok was made aware of Check Point’s research in November last year, and by Dec. 15 had deployed a fix for the vulnerabilities.

Check Point’s Head of Product Vulnerability Research, Oded Vanunu, says that the vulnerabilities discovered by the researchers were all core to TikTok’s systems. The company also tested how easy it would be to hack into TikTok user accounts. It discovered that certain app functions, including sending video files and documents, contained security flaws.

The last two years have seen explosive growth for TikTok within the US market, making the app a rare success story in the West for a Chinese technology company. However, some US lawmakers have raised concerns over the potential for covert eavesdropping. Meanwhile, the five main branches of the US military have already banned the app’s use on government-issued devices over fears it could compromise national security. Additionally, US security officials have called on military personnel and their family members to remove the app from their personal devices.

(Translated by Edward Jones, Taipei Times)

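The report notes that research published by Check Point on the 8th of this month found serious security vulnerabilities in TikTok. Through these vulnerabilities, a hacker could send TikTok users a message containing a malicious link, and once a user clicked the link the hacker could take control of their account, including uploading videos or accessing private videos.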

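In addition, through another security vulnerability, Check Point researchers were also able to obtain personal information from TikTok user accounts via the company's website. According to the report, TikTok said it learned of Check Point's research in November last year and that it had fixed all of the vulnerabilities by Dec. 15.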

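Oded Vanunu, Check Point's head of product vulnerability research, told the newspaper that the researchers found these vulnerabilities all lie in the core of TikTok's systems. Check Point also tested how easy it is to break into TikTok user accounts and found that various functions in the app, including sending videos and documents, have security problems.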

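TikTok has seen explosive growth across the US over the past two years, becoming a rare case of a Chinese technology company succeeding in the West. However, some lawmakers have raised security concerns about TikTok, believing the app could be subject to eavesdropping. Earlier, the five main branches of the US military, citing possible national security risks, successively announced bans on using Douyin on any government-related device, and also called on military personnel and their families to remove Douyin from their personal phones.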

(Liberty Times)