Wednesday, 08 January 2020

Major TikTok Security Flaws Found - The New York Times

TEL AVIV — TikTok, the smartphone app beloved by teenagers and used by hundreds of millions of people around the world, had serious vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information, according to research published Wednesday by Check Point, a cybersecurity company in Israel.

The weaknesses would have allowed attackers to send TikTok users messages that carried malicious links. Once users clicked on the links, attackers would have been able to take control of their accounts, including uploading videos or gaining access to private videos. A separate flaw allowed Check Point researchers to retrieve personal information from TikTok user accounts through the company’s website.

“The vulnerabilities we found were all core to TikTok’s systems,” said Oded Vanunu, Check Point’s head of product vulnerability research.

TikTok learned about the conclusions of Check Point’s research on Nov. 20 and said it had fixed all of the vulnerabilities by Dec. 15.

The app, whose parent company is based in Beijing, has been called “the last sunny corner on the internet.” It allows users to post short, creative videos, which can easily be shared on various apps.

It has also become a target of lawmakers and regulators who are suspicious of Chinese technology. Several branches of the United States military have barred personnel from having the app on government-issued smartphones. The vulnerabilities discovered by Check Point are likely to compound those concerns.

TikTok has exploded in popularity over the past two years, becoming a rare Chinese internet success story in the West. It has been downloaded more than 1.5 billion times, according to the data firm Sensor Tower. Near the end of 2019, the research firm said TikTok appeared to be on its way to more downloads for the year than better-known apps from Facebook, Instagram, YouTube and Snap.

But new apps like TikTok offer opportunities for hackers looking to target services that haven’t been tested through years of security research and real-world attacks. And many of its users are young and perhaps not mindful of security updates.

“TikTok is committed to protecting user data,” said Luke Deshotels, the head of TikTok’s security team.

“Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us,” he added. “Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”

Mr. Deshotels said there was no indication in customer records that a breach or an attack had occurred.

TikTok’s parent company, ByteDance, is one of the world’s most valuable tech start-ups. But TikTok’s popularity and its roots in China, where no large corporation can thrive outside the good graces of the government, have prompted intense scrutiny of the app’s content policies and data practices.

American lawmakers have expressed concern that TikTok censors material that the Chinese government does not like and allows Beijing to collect user data. TikTok has denied both accusations. The company also says that although ByteDance’s headquarters are in Beijing, regional managers for TikTok have significant autonomy over operations.

Check Point’s intelligence unit examined how easy it would be to hack into TikTok user accounts. It found that various functions of the app, including sending video files, had security issues.

“I would expect these types of vulnerabilities in a company like TikTok, which is probably more focused on tremendous growth, and on building new features for their users, rather than security,” said Christoph Hebeisen, the head of research at Lookout, another cybersecurity company.

One vulnerability allowed attackers to use a link in TikTok’s messaging system to send users messages that appeared to come from TikTok. The Check Point researchers tested the weakness by sending themselves links with malware that let them take control of accounts, uploading content, deleting videos and making private videos public.

The researchers also found that TikTok’s site was vulnerable to a type of attack that injects malicious code into trusted websites. Check Point researchers were able to retrieve users’ personal information, including names and birth dates.

Check Point sent a summary of its findings to the Department of Homeland Security in the United States.

The Committee on Foreign Investment in the United States, a panel that reviews investment deals on national security grounds, is also looking into ByteDance’s 2017 acquisition of Musical.ly, a lip-syncing app that the company later merged into TikTok. That deal set the stage for TikTok’s rapid rise in the United States and Europe.

There are also concerns about the company’s data privacy practices. In February, the Federal Trade Commission filed a complaint against TikTok, saying it illegally collected personal information from minors. The complaint claimed that Musical.ly had violated the Children’s Online Privacy Protection Act, which requires websites and online companies to direct children under 13 to get parental consent before the companies collect personal information.

TikTok agreed to pay $5.7 million to settle the complaint and said it would abide by COPPA. TikTok is still being investigated by the British Information Commissioner’s Office to determine if it violated European privacy laws that offer special protections to minors and their data.

Ronen Bergman reported from Tel Aviv, Sheera Frenkel from San Francisco, and Raymond Zhong from Hong Kong.

https://news.google.com/__i/rss/rd/articles/CBMiSGh0dHBzOi8vd3d3Lm55dGltZXMuY29tLzIwMjAvMDEvMDgvdGVjaG5vbG9neS90aWt0b2stc2VjdXJpdHktZmxhd3MuaHRtbNIBTGh0dHBzOi8vd3d3Lm55dGltZXMuY29tLzIwMjAvMDEvMDgvdGVjaG5vbG9neS90aWt0b2stc2VjdXJpdHktZmxhd3MuYW1wLmh0bWw?oc=5

2020-01-08 09:00:00Z
52780545358049

AMD discusses the world's first 7nm mobile CPU -

https://news.google.com/__i/rss/rd/articles/CBMiK2h0dHBzOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9Z180bmh6MTQxU2vSAQA?oc=5

2020-01-08 07:39:00Z
52780541969400

Tuesday, 07 January 2020

CES 2020 recap: Day one - Engadget

On day one at CES 2020 we got to see a lot of bleeding-edge TVs. To start with, Samsung showed off its Q950 8K TV with a minimal 15mm frame and AI processor that can track screen objects and position the sound to match. LG unveiled its latest rollable OLED TV, but rather than rolling up from the floor, it rolls down from the ceiling like a projector screen with no need for a projector. LG also revealed that it's making OLED TVs more affordable using smaller 48-inch displays. TVs weren't everything, of course. Sony also unveiled a surprise EV concept, Canon launched a supercharged DSLR and Mercedes hit us with a crazy Avatar-inspired autonomous car. For more, check out our complete CES2020 coverage.

https://news.google.com/__i/rss/rd/articles/CBMiO2h0dHBzOi8vd3d3LmVuZ2FkZ2V0LmNvbS8yMDIwLzAxLzA3L2Nlcy0yMDIwLXJlY2FwLWRheS1vbmUv0gE_aHR0cHM6Ly93d3cuZW5nYWRnZXQuY29tL2FtcC8yMDIwLzAxLzA3L2Nlcy0yMDIwLXJlY2FwLWRheS1vbmUv?oc=5

2020-01-07 15:05:04Z
52780535124292

Exclusive: Inside Intel's tiny modular gaming PC - The Verge

https://news.google.com/__i/rss/rd/articles/CBMiK2h0dHBzOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9dDJhWjZVa2xVdUHSAQA?oc=5

2020-01-07 14:00:08Z
52780541990680

Watch AMD's CES 2020 keynote in 10 minutes - Engadget

For Xbox gamers, the highlight of AMD's CES event was probably the sizzle reel that showed a 360-degree view of the Series X and all its ports. That is, until Microsoft clarified that the images were fake and came from a repository for 3D files. Thankfully, the chipmaker revealed and debuted a lot more things at CES, including a Dell G5 gaming laptop powered by its new "Renoir-H" Ryzen processor. It also launched the Ryzen 4000 chips, which will bring eight cores to ultraportables, as well as the Radeon RX 5600 XT GPU that's designed to deliver 1080p performance between 90 and 120FPS. The company also announced that its 64-core Threadripper 3990X will be available on February 7th for $3,990.

https://news.google.com/__i/rss/rd/articles/CBMiOWh0dHBzOi8vd3d3LmVuZ2FkZ2V0LmNvbS8yMDIwLzAxLzA3L2FtZHNjZXMtMjAyMC1rZXlub3RlL9IBPWh0dHBzOi8vd3d3LmVuZ2FkZ2V0LmNvbS9hbXAvMjAyMC8wMS8wNy9hbWRzY2VzLTIwMjAta2V5bm90ZS8?oc=5

2020-01-07 12:48:51Z
52780541969400

Sony TV Lineup | Hands-On at CES 2020 - Digital Trends

https://news.google.com/__i/rss/rd/articles/CBMiK2h0dHBzOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9Q2FPX2ZYWmlWd0nSAQA?oc=5

2020-01-07 11:00:03Z
52780535124292