The security risks of social media video-sharing site TikTok recently highlighted by Republican lawmakers are real, but cybersecurity experts say they aren’t unique to the Chinese-owned app.
This is because every time a user grants a smartphone app access to their location, contacts, camera, and microphone, it opens up an avenue that can be exploited by hacking and phishing schemes. In extreme cases, hackers can access your device’s camera and microphone capabilities without your knowledge, or use GPS data to track your location.
What makes TikTok different is that its parent company, ByteDance, is Chinese, making it susceptible to influence and outright control by China’s authoritarian government. Last month, FBI Director Christopher Wray said the app’s mass adoption was a national security concern and that security negotiations were underway between the company and the Biden administration.
“Everything[TikTok]has could be in the hands of the Chinese government,” he said. Khaled Sabha, cybersecurity lecturer at the University of Wisconsin-Milwaukee, said: “The Chinese government may ask TikTok … or force it to share user information.”
The concerns prompted a Republican congressional delegation from Wisconsin to write to Democratic Gov. Tony Evers last week asking him to ban the app from state-owned devices. Some states have already done so, including the Maryland governor who announced the move last week.
A cybersecurity expert told Wisconsin Public Radio that in Wisconsin, individual users should consider the potential risks of using social media. However, TikTok security did not go so far as to support a ban on TikTok, saying the risks are almost the same as those of simply carrying a smartphone.
In the letter, Republican lawmakers called the app a “surveillance tool” that “tracks cell phone user data, such as user location data and user keystrokes, even when the app is not in use.”
Keatron Evans, Principal Security Researcher at InfoSec Institute, said: “But I think it’s the horror of the social media apps you put on your device.”
Sign up for daily news!
Stay up to date with WPR’s email newsletter.
This is because hackers and scammers can exploit security loopholes or trick users into sharing their data through phishing schemes. The large amount of user data collected and stored by social media companies can also be vulnerable to exploitation by hackers targeting the companies themselves or their databases.
“There is no difference with TikTok,” said Michael Patton, director of the Cybersecurity Center of Excellence at the University of Wisconsin-Oshkosh. Insert your social media product here.”
Lawmakers say the app’s ties to the Chinese government are making a difference. In addition to signing the letter to Evers, U.S. Congressman Mike Gallagher (R-Green Bay) sponsored federal legislation to ban the app entirely in the United States.
The app’s audience and its cultural impact is enormous and growing. The company reportedly has more than 1 billion users worldwide, and he may have as many as 80 million in the United States. Its users’ short videos have spawned dancing trends, famous pets and, in some cases, fostered supportive communities. It’s also known for its algorithms’ amazing ability to predict which videos will appeal to individual users.
In response to the lawmaker’s letter, Evers spokesman Britt Coudabach told The Associated Press that the administration takes cybersecurity threats seriously and said, “Regarding this and other evolving cybersecurity, law enforcement agencies, cybersecurity “We will continue to rely on the judgment and advice of our counterintelligence experts.” problem. “
Patton said it may not be necessary to outright ban a country’s use of TikTok to protect itself from such threats.
“Does[the tourism board]use it to promote tourism? Maybe that’s OK,” Patton said. “And maybe they have a special device to do that. should.”
Evans also said that using a separate device for TikTok could be a good security policy for government officials, celebrities and other potential targets of hacking to better isolate potential intrusions. I said yes.
