Tech Talk: Security Issues Swirl Around TikTok App

This Tech Talk column was originally published in the Sunday, July 5, 2020 editions of Foster's and Seacoast Sunday.

I hope you enjoyed a safe and relaxing Fourth of July holiday. This past week has been a week of urgent security issues. Not that any week does not go by without some form of rather serious cybersecurity issue, but this week touched on two very popular pieces of software that pose an immediate risk.

First up is the Windows 10 operating system. If you run a Windows PC, you should be on Windows 10 as all prior versions of the Windows operating system are not longer supported. That means there are no security updates issued.

This week, Microsoft released an urgent update for Windows 10 to address a vulnerability related to what is called the Windows Codecs Library. To cut to the chase, if you have not already, you should check for available updates and install them. You do this by clicking on the Start button, clicking the Settings icon, which is a gear, then clicking on Update & Security and then clicking the Check for updates button and letting all available updates install.

Once you do this, you should then go to the Windows Store and click the down arrow in the upper right and then click on Update all. This will update any applications that may have the vulnerability that you obtained from the Windows Store. Even if you don’t think you have downloaded anything from the Windows Store, do this step as you likely have apps that you are using from the Windows Store that were already loaded on your computer when you got it or when you upgraded it to Windows 10.

This security issue could allow a hacker to gain remote control of your computer through an issue with the previously mentioned Windows Codecs Library. Once the hacker has control, they could lurk around your computer without your knowledge, capturing usernames and passwords as you enter them or stealing your data and identity. Please do these update steps without delay to be sure you are protected from this risk.

The other security issue that surfaced this week is with the popular mobile video app TikTok. TikTok is not a stranger to security concerns as it’s owned by a Chinese company and has been accused of spying on its users in the past. Well this week, Apple confirmed that the TikTok app is indeed spying on i device users who have installed it on their iPhone or iPad. TikTok claims the issue is Apple’s fault, having to do with the Clipboard feature that allows you to copy and paste data from one app to another. Apple contends it has confirmed the app is spying on users, leveraging the Clipboard vulnerability but potentially more. There have been past issues with the TikTok app on the Android platform as well.

Security researchers generally agree TikTok has a questionable track record when it comes to user security. When confronted with allegations of improper data collection from users devices, TikTok has at times offered conflicting explanations or outright finger pointing at other causes. All this comes down to the very likely scenario that TikTok is a security risk to anyone who has installed it, regardless of the platform they are using.

There have been government warnings about TikTok for quite some time and many government agencies and companies prohibit the installation of the app. As a result of all this concern, I too recommend you not install and use the TikTok app. If you have it installed, you should delete it from your devices and deactivate your account. If you used a password for your TikTok account that you have used elsewhere, you should change those passwords immediately.

I hope this information will be helpful and you will heed my advice to be sure your computer and mobile devices are more secure. As with all things related to technology, stay vigilant and informed and keep your systems up to date to try to avoid becoming a victim of hackers malicious activity. Stay safe online!