TikTok Could Hack Your Bitcoin Wallet Right Now — Australian Government Considers “National Security Risk” App

Tuesday 21 July 2020, 7:00 AM AEST - 4 months ago

The Australian government has stated that popular Chinese-owned social media platform TikTok is under scrutiny for any potential risks it may pose to user privacy or potential national security risks as new evidence emerges that TikTok could compromise user security — including cryptocurrency wallet data.

The social media app, owned by China-based Bytedance, recently opened new offices in Australia amidst international privacy concern that saw TikTok banned in India and US President Donald Trump promoting a campaign to ban the app as part of a new presidential re-election campaign.

Prime Minister Scott Morrison has stated that the Australian Government is currently “having a good look” at TikTok, hinting that an Australian TikTok ban is not out of the question:

“If we consider there is a need to take further action than we are taking now, then I can tell you we won’t be shy about it”

TikTok Accused of Leaking User Data

Concerns regarding the potential security issues presented by TikTok aren’t limited to national security, however. Independent penetration testing and cybersecurity firm Penetrum has published extensive documentation focusing on TikTok, condemning the app for spying on and gathering the personal information of all users.

Penetrum data, published via a public data repository and presented via a security analysis white paper, levels concerning claims against TikTok, claiming that over 37 present of known IP addresses linked to the platform are based in China and that the application harvests and shares data with third party vendors and business partners.

What does this mean for cryptocurrency holders, investors, and traders that use smartphone-based wallet applications, though?

Independent Audit Highlights Severe Security Risk

Penetrum data indicates that TikTok presents a severe security risk due to:

  • Always-enabled remote webview
  • OS-level command access
  • Compromised device information and GEOlocation data
  • User activity monitoring

Based on the evidence presented by Penetrum, TikTok is able to read and share clipboard — or copied and pasted text — on user devices, or access camera functionality without altering the user. 

While many wallet apps generate cryptocurrency wallets without user string input, there are many extant apps in use today that allow users to paste private keys when importing wallets — potentially revealing them to malicious applications.

While Penetrums findings have yet to be backed up by additional studies by other third-party cybersecurity firms, the international concern directed at TikTok due to privacy concerns should cause smartphone crypto wallet users to consider whether the social media platform is worth the risk.

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.