top of page

Membership is FREE so join today to receive your welcome pack and access to all of our cyber security advice and resources.

Want to improve your cyber resilience?

Beware of TikTok's Zero-Click DM Danger

Graphic of smashed glass using solid TikTok colours with a music symbol in the middle

TikTok has become a breeding ground for hackers, and their latest exploit is particularly concerning. A malicious code has recently taken over high-profile TikTok accounts, including those of celebrities and major brands like Paris Hilton and CNN. This exploit involves zero-click attacks through direct messages (DMs) on the platform, meaning that users don’t even need to click on a link or download a file to be compromised—simply opening the message can infect their device.


What You Need to Know About the TikTok DM Exploit


Hackers are targeting prominent TikTok accounts, with the first known victim being CNN, which faced a multi-day outage as a result. These zero-click attacks occur when a user opens a DM containing malicious code. This exploit leverages vulnerabilities in how TikTok processes content within DMs, similar to past issues identified in browsers like Chromium.


TikTok’s security team is aware of the issue and is working to mitigate the attack and restore access to affected accounts. This zero-day, zero-click vulnerability was discovered by bad actors before TikTok developers had a chance to address it, leaving no time to prevent the initial wave of DM attacks and it poses a danger to unknowing TikTok users.


TikTok’s History of Security Issues


This is not the first time TikTok has faced security challenges. In 2023, over 700,000 accounts in Turkey were hacked due to flaws in TikTok’s two-factor authentication system, coinciding with a crucial presidential election. In 2022, Microsoft security experts found a significant flaw in the TikTok app that allowed hackers to hijack accounts through malicious links.


Concerns about TikTok’s data security and its connection to its Chinese parent company, ByteDance, have also led to scrutiny from lawmakers. The U.S. government has expressed fears that China could use TikTok to spy on Americans or influence their views, prompting President Biden to sign a bill requiring ByteDance to sell its U.S. TikTok operations or face a ban.


Protecting Yourself from TikTok DM Dangers


To safeguard your TikTok account from malicious DMs, follow these six steps:


1. Use Strong Antivirus Software: Protect your devices against phishing attempts and malicious links by installing robust antivirus software. This can also alert you to any phishing emails or ransomware scams.

2. Use Strong and Unique Passwords: Create strong, unique passwords for your accounts and devices. Avoid using the same password for multiple accounts and consider using a password manager for secure password generation and storage.

3. Enable Two-Factor Authentication: Add an extra layer of security by enabling two-factor authentication, which requires a second form of verification in addition to your password.

4. Keep Your TikTok App Updated: Regularly update your TikTok app, antivirus software, web browsers, and other applications to ensure you have the latest security patches.

5. Review and Adjust Privacy Settings: Configure your TikTok privacy settings to limit who can send you direct messages, comment on your videos, and view your profile.

6. Monitor Account Activity: Regularly check your account activity for any unusual behaviour or unauthorised access. If you notice any unfamiliar devices accessing your account, change your password immediately and log out of all devices.

Comments


bottom of page