Security Weakness in TikTok | Avast

If you’re a parent of a teen or a tween, chances are you’ve heard them rave about TikTok. Kids spend hours on the popular app uploading their own lip-sync videos and sharing jokes, clips and other footage. Used wisely, it’s harmless fun.

But, like many social platforms, TikTok has its security and privacy issues. Parents were reminded of the need to be vigilant this week when a couple of security researchers from Canada and Germany exploited a security weakness in the platform.

The researchers, Talal Haj Bakry and Tommy Mysk, figured out a way to plant fake videos in users’ feeds that appear to come from official sources. They did it by gaining access to a user’s router, ISP or VPN. TikTok left the door open for a breach like this because it continues to use an insecure HTTP connection to deliver video content more quickly and simply than if it used the more secure HTTPS. Researchers exploited the gap by controlling a user’s access point and executing a “man in the middle” attack to alter the downloaded content.
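From the defender's side, the exposure described above can be measured on a network you run by looking for media that arrives over plain HTTP. The following is an added example, not code from the researchers, TikTok or Avast; the proxy log format, the hostnames and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed forward-proxy log sample (assumed format, placeholder hosts):
# time client method url status content-type bytes
SAMPLE_LOG = """\
2020-04-14T10:00:01Z 192.0.2.10 GET http://video-cdn.example/v/abc123.mp4 200 video/mp4 1839201
2020-04-14T10:00:02Z 192.0.2.10 GET http://img-cdn.example/avatar/77.jpeg 200 image/jpeg 20412
2020-04-14T10:00:02Z 192.0.2.10 CONNECT api.example:443 200 - 0
2020-04-14T10:00:05Z 192.0.2.11 GET http://video-cdn.example/v/def456.mp4 200 video/mp4 990112
2020-04-14T10:00:07Z 192.0.2.11 GET http://portal.example/index.html 200 text/html 5120
malformed line
"""

MEDIA_PREFIXES = ("video/", "image/", "audio/")


def cleartext_media(log_text):
    """Return {host: {"requests": n, "bytes": total}} for media served over plain HTTP."""
    findings = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not match the assumed format
        _, _, method, url, status, ctype, size = fields
        if method == "CONNECT":
            continue  # TLS tunnel: an on-path device cannot read or alter the payload
        parts = urlsplit(url)
        # Only unencrypted responses carrying media can be swapped in transit
        if parts.scheme != "http" or not ctype.lower().startswith(MEDIA_PREFIXES):
            continue
        if not status.startswith("2") or not size.isdigit():
            continue
        findings[parts.hostname]["requests"] += 1
        findings[parts.hostname]["bytes"] += int(size)
    return dict(findings)


if __name__ == "__main__":
    for host, stats in sorted(cleartext_media(SAMPLE_LOG).items()):
        print(f"{host}: {stats['requests']} cleartext media responses, {stats['bytes']} bytes")
```

Any host this reports is delivering content that a router, ISP or VPN on the path could replace without the app noticing; hosts reached only through `CONNECT` tunnels are not affected in that way.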

This is serious on many levels. As we’ve seen in “Zoom-bombing” attacks on the videoconferencing platform, hackers take whatever opportunity they can to spread pornography or racist content in family settings. Given that most of TikTok’s 800 million users worldwide are kids, parents will want to carefully monitor the content children access on the platform.

Also, during a global pandemic we’re all turning to official sources for information and advice to help us through. This is true for children on TikTok as well. Hackers gaining the ability to spoof official sources and swap in misinformation can be doubly dangerous for children who may not have the developed filters needed to know whether the content is legitimate.

TikTok has pledged to fix the problem. A spokesperson told Forbes: “TikTok prioritizes user data security and already uses HTTPS across several regions, as we work to phase it in across all of the markets where we operate.”

Given the popularity of TikTok and the extra time kids will likely devote to the app during the shelter-in-place period, it’s useful for parents to review some safety measures they should take.

Just last week, TikTok changed its account settings to give parents more control over how their kids use the app. Using its tool called “Family Pairing”, parents can connect to their child’s account and remotely restrict feed content, disable direct messages, and add limits to the time their child spends on the app.

Under the “Privacy and Safety” section of the account, set the child’s account to private (toggle it on) and turn off the “Allow others to find me” feature. Predators are out there, and they can easily follow underage kids if they’re not blocked from doing so.

Under the “Safety” section, parents can customize who can post comments, who can “Duet” with their child, who can react to their videos, who can send them messages and who can view videos they liked.

Avast has various tools that families can use to help keep their kids safe online. In Avast Family Space, a parent can use content filters to set limits on their kids’ TikTok usage. Family Space gives you granular controls that work across platforms and can be controlled from the parent’s phone. Parents who want to monitor their kids’ communications can use a program called Bark to see the content of TikTok text chats as well as other platforms.

Last, make sure to talk to your kids about being vigilant themselves while online. If something feels wrong in an online setting, have them come to you and get a gut check. They may get the urge to tinker with settings to try to open up their profiles. Set limits and check to make sure they’re not wandering into dangerous territory.

TikTok can play a role in getting us all through the current situation with smiles on our faces. Making sure our kids stay safe on the platform will give us much needed peace of mind.


*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/security-weakness-in-tiktok