TikTok Security Implications
Prior to stay at home orders from COVID-19, the 800 million active TikTok users (out of the over 1 billion subscribed users) spent an average of 52 minutes per day on the app. The average user on this social media platform is between the ages of 16-24, and with all these teens stuck at home looking for a way to communicate with the outside world, it is probably safe to assume that user-ship and daily minutes spent on the app have drastically increased in the last 30 days.
In November of 2019, the US Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) opened an investigation into the $1 billion purchase of Musica.ly because of censorship questions and data storage. At the same time, USA Today published an article mentioning that the United States Navy had banned active duty members from the app. Now the Department of Defense is encouraging members to stay off the app due to its ability to convey location, image, and biometric data. This data is open to the application’s Chinese parent company, ByteDance, creating a potential problem for US national security.
The Problem
First and foremost, and the reason the military is so careful about this app, is that it is illegal for companies in China to refuse to share data with their government. This means that the Chinese government may have access to all of the “private” videos, as well as location data, for members of the US military and other US citizens.
Additionally, if we back track a bit, in January 2020 cybersecurity solution provider and research firm Check Point reported that:
TikTok (formerly Musica.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
They also went on to explain multiple vulnerabilities that would allow hackers to access user accounts, obtain uploaded content, remove videos, and have access to personal information saved on user accounts. There were also reports of attackers being able to directly text other users from the app. Once the vulnerabilities were identified a patch was completed and an update to the app was pushed out in January.
Our Recommendations for Safer TikTok Use
Now that you know the risks, what does Triaxiom recommend if you, family members, or people you know use TikTok?
- Turn off GPS location on any device you access the app on.
- Be selective in content that is uploaded the app – this is a great teaching moment for young users on what to share via social media and the potential permanence or misuse of that information.
- Make sure you are using the most up-to-date version of the app.