The Growth of Social Media and Our Collective Arrival at an Event Horizon of Calamitous Impact

08:18:2022

BY Usman Altafullah

Social Media and a Different Perspective

In the cybersecurity landscape – cyberscape – information dominance is the key to obtaining the “keys to the kingdom,” as the saying goes. For a time, Facebook really held all the social media cards, but since its launch in 2004 and with the development of new forms of media consumption, it’s slowly losing the iron grip it once had, which has opened the door for other competitors to sweep in and tap that market share. One competitor in particular – TikTok – is continuing to weaken Facebook’s grasp.

Maybe a different perspective will bring some attention to other areas of TikTok’s recent social media information dominance that are ever-present yet not well understood.

To shed some light here, this article primarily focuses on drawing data from current and recent TikTok cybersecurity-related threats and their enormous impacts. These have resulted from failing to have cybersecurity safeguards to protect the end-users in addition to insufficient regulations from a federal cybersecurity standpoint to protect the integrity of social media platforms.

Defining Social Media

Sadly, there are far too many social media cyber incidents.[1]

The goal here isn’t to do a full deep dive, but rather to provide clear lines between emerging social media trends and how – if they are left unchecked – they could pose widespread and serious ramifications.

Before any true analysis can be conducted, the first objective is to get on the same page.

Social media, as defined here, is a term that can (and does) encapsulate quite a broad range of categories, apps, software, information, communication technologies and more.

It includes Facebook, Twitter, TikTok, YouTube, Instagram, LinkedIn, Reddit, Snapchat, WhatsApp, web forums, gaming platforms with chatrooms, voice, and video chat applications (Zoom, Skype, Discord, MS Teams) and others.

Cybersecurity and Social Media

Social media has also transformed from purely chat-based to seemingly purely video-based in various mediums, widening the social footprint and opening new attack vectors.

As the demographics of the various platforms change, so too must the platform to meet the new demands.

Each social media apparatus manages operational security in its own way, but at the front and center of all this current cybersecurity concern is TikTok.

On one hand, they lack any real security safeguards and infrastructure. On the other hand, they are the fastest growing social media platform with between 750 million and 1 billion monthly active users.[2]

The rapid growth and use of TikTok[3] is nothing short of calamitous when compared to other social media platforms. Drawing attention to how easily influenced groups of individuals are through social media platforms isn’t an eye-opening revelation – this has been going on since MySpace back in 2003.

What is new, however, is the widespread growth of trends and audience-grabbing antics that are now crossing thresholds previously believed to be protected or too insulated to be breached.

Globally, the average amount of time spent on TikTok (per day) is around 52 minutes with 90% of users accessing it daily.[4]

Is it necessary to create a barrier between what happens on these social platforms and how much real-world impact they can have? Is there a defined threshold for which society is to accept a percentage of online spillage into reality? Like most things with two sides, it is a tug-of-war situation that is in constant throes. Positive change and influence are present in these platforms but even one instance of a dangerous or malicious viral video could change the tide quickly.

Cybersecurity breaches and attacks through social media aren’t groundbreaking. What can be considered groundbreaking is the ease of access to the data and information that TikTok can provide coupled with the insatiable desire to crave attention and be part of the “trending” category.

If these attacks can be syndicated across multiple platforms – meaning the trend or attack can cross social media feeds – that is but a side-effect and not the primary goal, as TikTok is the initial starting point for their target audience before spreading to other platforms.

Viral video challenges pose a critical threat, as a recent trend was to hijack a specific car model (Kia models between 2011-2021 and Hyundai models between 2015-2021) using just a USB cable.[5]

The offenders were seeking to find older models of these cars and proceed to steal them all in the name of “#trendsetting.” These offenders would then record themselves stealing the car and then exit the vehicle if the car crashed or became inoperative for whatever reason. Impressionable individuals not knowing the true ramifications of these actions may see this as a prank or a harmless joke when, in reality, it is a crime.

Cybersecurity Vulnerabilities and TikTok

Cybersecurity vulnerabilities are not new to cars, as back in 2015 a writer from WIRED magazine chose to be in a Jeep that was remotely controlled by hackers who were able to do all sorts of mischief and disrupt the driver’s ability to maintain control.

This included slowing down and speeding up the Jeep, controlling the radio volume and air conditioning (by blasting on the full cold setting) and even adjusting the windshield wipers.[6]

The amount of effort that had to go into executing that hack cannot be overstated. Conversely, with the TikTok trend, all you need is a USB cable.

Another angle of TikTok that presents a legitimate threat and danger is the influence and backing of propaganda by much larger countries such as China and Russia, and the full adoption of TikTok as a vector that can be used to gather data, information, operational intelligence, and even biometric user data as of their most recent privacy policy update of June 2, 2021.[7]

A specific line in their policy update, as indicated in the TechCrunch article,[8] is of great concern. It states:

“We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.”

On the surface, it may appear legitimate. But looking through the vague language, there should be a pause.

By mapping digital images onto live videos, facial filter technology necessarily entails the biometric scanning of a user’s face, whose digital map provides the frame upon which the digital images are overlaid. The policy language gives no specificity as to federal or state laws (or both). In addition, it does not explain why the data needs to be captured.

Remember: If someone asks you for your thumbprint, the hope is you respond with “why do you need it?” rather than “sure here you go!”

This biometric collection disclosure follows a $92 million settlement from a class action lawsuit against TikTok[9] that was originally filed in May of 2020 for violating Illinois’ Biometric Information Privacy Act (BIPA) but was resolved in June 2021.

TikTok shelling out hundreds of millions of dollars to cover lawsuits over privacy issues is just another in the long list of conglomerates viewing users as dollar signs and how the information that is collected can be quantified, collated, and sold to the highest bidder.

All eyes are on TikTok right now as they are the platform with an increasingly growing reach with younger viewers coupled with an engaging social ecosystem. TikTok has the highest average session length of all social media apps by a long way.

The average session length on TikTok is 10 minutes 51 seconds. This is almost double that of Pinterest, which comes in second place with an average session length of 5 minutes 36 seconds, and three times longer than the average Instagram session of 2 minutes 57 seconds.

TikTok has had such an effect on the way users consume media that even Facebook, although still a market leader, is pivoting the way their landing page(s) will look and be navigated as they try to capture the approach TikTok has implemented.[10]

The TikTok Social Cyberspace

The social cyberscape is evolving and changing with every new trend that hits maximum virality.
The need for market adaptation and creating a reliance on these platforms for businesses to function means we are reaching a breaking point.

With the increase in telework and working from home and the ease of access to these platforms, the overlap is clear and present with threats emerging every day – both new and old.

Not all threats discovered on these platforms are of a cybersecurity nature. However, the accessing of questionable content that can be divisive and cause violent reactions and engagement (whether to virtually or physically mobilize individuals) is a legitimate concern and one to which TikTok is a key contributor.

Making content “age-restricted” does nothing. Would-be wrongdoers just see it as another button to click and pass through.

TikTok continues to target all ages and demographics with content filtering and maturity ratings being introduced[11] to help mitigate the previous windfall they received for ignoring these aspects.

The social media arms race is far from over. In fact, one could probably argue we aren’t even at the midway point with the way the markets are pivoting and shifting to stay ahead of the curve and keep their demographics growing – vertically and horizontally.

This necessitates that cybersecurity proponents and professionals should try to integrate effectively and with purpose to highlight these critical areas of need and importance.

Aiming for perfection and 100% mitigation of various threats to social media is unreasonable and inevitable. An approach that aims to understand the threats, decide which threats take priority, and then respond to achieve a determined objective will help allocate resources efficiently to ensure problems are not being over-thought and under-resourced.

As Generation-Z grows and app adoption continues to expand, appropriate countermeasures should be put in place to avoid a full-scale impact that cannot be undone.

Growing TikTok without full consideration of how to manage and protect the privacy of its users, and without understanding the effects and fallout, has been the approach for the past decade. Yet, with shifting tendencies and new demographics, that tune is finally changing. But it is not enough.

Constant vigilance, cooperation and establishing healthy communal ideologies that the majority can ascribe to are how social media can be managed and maintained.

If TikTok is left unchecked and unabated, our institutions – cybersecurity or not – will be impacted in a way that cannot even be imagined.

It is long past time to confront TikTok about its dangerous cybersecurity risks, and to take measures to mitigate that threat – by TikTok and through cybersecurity regulations that protect users from what data can be collected and how it can be used.

About the Author

Usman Altafullah is a security engineer at SealingTech. He has been working in the cybersecurity field for over a decade helping to ensure that cybersecurity knowledge and information is not just reserved for the private sector. He believes anyone who is willing to read and share the knowledge should be able to receive it so they can understand it.  

 
Citations
  1. (2022, 07 08). Cybersecurity Statistics of Data Breaches. Retrieved from Varonis: https://www.varonis.com/blog/cybersecurity-statistics#data-breach-hacking
  2. Dean, B. (2022). TikTok User Statistics. Retrieved from Backlinko: https://backlinko.com/tiktok-users#monthly-active-tiktok-users
  3. Insider Intelligence. (2022, June 01). Global Tiktok User Stats. Retrieved from Insider Intelligence: https://www.insiderintelligence.com/charts/global-tiktok-user-stats/
  4. Dean, B. (2022). TikTok User Statistics. Retrieved from Backlinko: https://backlinko.com/tiktok-users#tiktok-user-demographics
  5. Gunther, C. (2022, August 03). TikTok Thieves Steal Kia and Hyundai Cars in Viral Challenge. Retrieved from ReviewGeek: https://www.reviewgeek.com/124739/tiktok-thieves-steal-kia-and-hyundai-cars-in-viral-challenge/
  6. Greenberg, A. (2015, 07 21). Hackers Remotely Kill a Jeep on the Highway – With Me in It. Retrieved from Wired: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
  7. Privacy Policy. 06 June 2021. Privacy Policy. 13 August 2022.
  8. Perez, S. (2022, June 03). TikTok just gave itself permission to collect biometric data on US users, including ‘faceprints and voiceprints’. Retrieved from TechCrunch: https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/
  9. Weiss, E. (2021, February 26). TikTok Reaches $92 Million Settlement in BIPA Lawsuit. Retrieved from Find Biometrics: https://findbiometrics.com/tiktok-reaches-92-million-settlement-bipa-lawsuit-022605/
  10. Heath, A. (2022, June 15). Facebook is Changing its Algorithm to Take on TikTok, Leaked Memo Reveals. Retrieved from The Verge: https://www.theverge.com/2022/6/15/23168887/facebook-discovery-engine-redesign-tiktok
  11. Keenan, C. (2022, July 13). More Ways For Our Community to Enjoy What They Love. Retrieved from TikTok: https://newsroom.tiktok.com/en-us/more-ways-for-our-community-to-enjoy-what-they-love
