Daily English Read-Along Ep.778: Chinese video messaging app’s security flaws exposed
On Jan. 8, cyber security company Check Point Software Technologies announced that its research had discovered serious security vulnerabilities with video messaging app TikTok. The research found that a hacker could send a spoofed SMS message to a TikTok user containing a malicious link which, if clicked, would enable the attacker to assume control of the user’s account, allowing the hacker to upload videos and make a user’s private videos public.
An additional security loophole exposed by Check Point’s researchers would allow a bad actor to retrieve personal information saved on user accounts. According to media reports, TikTok was made aware of Check Point’s research in November last year, and by Dec. 15 had deployed a fix for the vulnerabilities.
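In addition, through another security vulnerability, Check Point researchers were also able to obtain the personal information of TikTok user accounts from the company’s website. According to reports, TikTok said that it learned of Check Point’s research in November last year and that it had fixed all of the vulnerabilities by Dec. 15.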
Check Point’s Head of Product Vulnerability Research, Oded Vanunu, says that the vulnerabilities discovered by the researchers were all core to TikTok’s systems. The company also tested how easy it would be to hack into TikTok user accounts. It discovered that certain app functions, including sending video files and documents, contained security flaws.
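Oded Vanunu, Check Point’s Head of Product Vulnerability Research, told the newspaper that the researchers found these vulnerabilities all lay in the core of TikTok’s systems. Check Point also tested how easy it was to break into TikTok user accounts and found that various functions in the app, including sending videos and documents, had security problems.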
The last two years have seen explosive growth for TikTok within the US market, making the app a rare success story in the West for a Chinese technology company. However, some US lawmakers have raised concerns over the potential for covert eavesdropping. Meanwhile, the five main branches of the US military have already banned the app’s use on government-issued devices over fears it could compromise national security. Additionally, US security officials have called on military personnel and their family members to remove the app from their personal devices.
Source article: http://www.taipeitimes.com/News/lang/archives/2020/01/22/2003729641