Skip to main content

TikTok terror! Severe bug allowed hackers to hijack accounts with just one click

TikTok
(Image credit: Future)

TikTok is an onomatopoeic word for a sound that indicates the progression of time, but when it comes a nasty bug recently discovered on the social media app, hackers could easily beat the clock and hijack your account in a flash.

The Microsoft 365 Defender Research Team reported (opens in new tab) that a nasty vulnerability was found on the TikTok app for Android. Fortunately, the "high-severity" bug labeled as CVE-2022-28799 is now fixed.

TikTok bug could have affected millions of users

Microsoft's cybersecurity research team described the bug as a one-click exploit. Cybercriminals could take advantage of the vulnerability by baiting TikTok users with a "specially crafted link." After a single click, malicious actors could gain immediate access to victims' TikTok accounts, which means they can view their sensitive information. The attackers could also publicize private videos, send messages, and upload videos on victims' behalf.

"The vulnerability allowed the app’s deeplink verification to be bypassed," the Microsoft 365 Defender Research Team said. "Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers. "

Microsoft's cybersecurity team added that TikTok has two Android-based variants: one for East and Southeast Asia and another for the rest of the world. It analyzed both and discovered that the vulnerability affected "both flavors of the app." Collectively, they have over 1.5 billion installations via the Google Play Store.

Fortunately, to ease some users' concerns, "there's no evidence it was exploited by bad actors," a TikTok spokesperson told The Verge. As mentioned, TikTok already patched the vulnerability; the Microsoft 365 Defender Research team praised the social media app for its swift response. "We commend the efficient and professional resolution from the TikTok security team," the blog post said.

Although the exploit was rectified, it's important that you use the latest version of TikTok to ensure that you're using the most secure version of the app.

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!