Humanity & the Social Media Connection: Why TikTok Continues to Pose a Threat

09:10:2024

BY Usman Altafullah

Humanity has many traits that when highlighted can shine brightly and pioneer new and innovative ways forward. Unfortunately, some of our behaviors can also be deceitful, hateful, and negatively impact others. As humans, we strive to connect with one another, discover new things and share stories and triumphs. Society has evolved to the point where the social media tools that have been developed are so sophisticated, they can just about predict what you are going to post, gram, or share seemingly before you do.  

Social platforms over the years have come and gone, but the one that continues to grow in equal popularity and concern is TikTok. While top social media giants battle it out for dominance in the cybermedia landscape, the threats that exist and the perpetual risk to Americans and TikTok users cannot be overstated.   

The Ban on TikTok 

In March 2024, the US House passed a bill giving ByteDance, TikTok’s Chinese owner, six months to divest its US assets or face a ban.

The serious privacy and antitrust concerns are peppered throughout the history of TikTok. In March 2024, the US House of Representatives overwhelmingly passed a bill giving the Chinese owner, ByteDance, about six months to divest the US assets of the platform or face a ban. 

A year ago, I mentioned in my blog that TikTok is the fastest growing social media platform with between 750 million and 1 billion monthly active users. A year later in 2024, that number has continued growing monthly active users surpassing 1 billion worldwide. 

If a foreign government can easily access more than 1 billion users’ information and biometrics, it sounds to me that world domination is not far behind. But seriously, if the US Federal Government created a mandate banning TikTok on its government devices, shouldn’t we pay closer attention to what this app could do . . . or perhaps, destroy? 

As a Lead Security Engineer at SealingTech, I’ve spent my career identifying threats and vulnerabilities on networks and systems to protect our government and large enterprise from cyber threats. People’s welfare and threats to their livelihood greatly matter to me.  

Zero-Day Attack 

One vulnerability recently discovered on TikTok’s platform exploited what is known as a zero-day attack, meaning no fix or patch exists for this vulnerability. Though such an attack can happen to any platform, TikTok’s high profile and notorious weak safeguards played a role. It also allowed for malicious code to be executed once someone clicked on a seemingly innocuous message. This allowed the threat actor to enter a malicious code to take over and compromise many of TikTok’s high profile accounts. A ripple effect ensued as they successfully impersonated, also known as phishing, and sent users messages to “fish” for information with the intent of stealing personal information. Threat actors prey on TikTok users who idolize celebrity and high-profile accounts for their own personal gain. Eventually, TikTok did move to fix the vulnerability, but to date, it has not been transparent about the mitigation strategy or the total impact of the breach 

These types of vulnerabilities and threats are nothing new for TikTok. Media is flooded with reports discussing the impact and risk the platform poses. Its impact goes beyond our borders; it’s global 

Threat to Presidential Elections 

June 2023, more than 700,000 TikTok accounts experienced hacks before the Turkish Presidential Election. According to reports, “greyrouting” was used, a method where short message service (SMS), cellular texts were sent through an SMS farm, manipulated, malformed, and sent out to create harm and damage. Greyrouting simply bypasses the established and intentional fees set by international telecommunications agreements by sending texts through unsecured channels. Greyroutes can also help companies save money by avoiding typical guardrails like rate limits and anti-spam but will compromise message security and leave itself open to being intercepted. The global impact of these attacks and their success rate continue to embolden other groups to strike and leverage the unsafe landscape where TikTok continues to grow its user base. 

With America’s upcoming presidential election, is it only a matter of time we fall victim to similar devasting attacks? 

AI and the Deepfake Movement 

While TikTok entertains millions, a darker side exists. AI and deepfake technology are being used to collect user data and create impersonations.

Benefits exist if you’re one of the 170 million+ Americans enjoying the platform and its endless amount of positive and useful information and undeniable entertainment value, but a darker side looms. A growing concern involves the artificial intelligence (AI) and deepfake movement happening at lightning speed. It’s widely known that TikTok leverages technology to capture facial information and biometrics of its users. However, evidence has surfaced where TikTok has AI models capturing bulk data of Americans and using it to create impersonations and disseminating false and misleading information. This is not something from The Terminator or I, Robot. It’s real and happening now. State affiliated threat actors are hacking into weakly protected infrastructure like TikTok, pilfering it for user data and then feeding it into AI models to impersonate Americans and other denizens of countries around the world. In February of 2024, a CFO was duped out of 25 million dollars due to a deep-fake scam! 

TikTok’s Future 

The cybermedia landscape continues to grow and evolve as various influences, positive and negative, continue to oscillate. Being ever vigilant is but one tactic to avoid getting caught up in the misinformation and propaganda—and perhaps identify theft or worse. No one service or social media platform is immune to the risks. However, taking divisive action against them and being transparent helps build trust within the online community, something TikTok needs to improve upon if it wishes not to succumb to the same fate of platforms that came before it.  

 

About The Author

Usman Altafullah is a security engineer at SealingTech. He has been working in the cybersecurity field for over a decade helping to ensure that cybersecurity knowledge and information is not just reserved for the private sector. He believes anyone who is willing to read and share the knowledge should be able to receive it so they can understand it.

Related Articles

The Importance of Experimentation in Defense R&D

To stay ahead of rapidly advancing threats, innovation in defense technology is not a luxury — it’s a necessity. Organizations must adopt an experimental mindset, using research and development (R&D)…

Learn More

Enhancing Defense Capabilities in Response to Russian Military Advances

The ongoing conflict in Ukraine serves as a stark reminder of the evolving nature of global security threats. Russia’s first phase of the invasion involved cyber effects which set out…

Learn More

SealingTech Abroad: 2024 International Travel Recap

As a cybersecurity technology and solutions-driven company, we’re committed to maintaining a combined front and shared capability with our international partners. Every year, our teams attend global conferences to meet…

Learn More

Could your news use a jolt?

Find out what’s happening across the cyber landscape every month with The Lightning Report. 

Be privy to the latest trends and evolutions, along with strategies to safeguard your government agency or enterprise from cyber threats. Subscribe now.