Wells Fargo, the fourth-largest bank in the US, has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The bank's move to ban the app on corporate devices comes on the heels of Amazon, sending very mixed signals to its employees about whether they should remove TikTok from their company-issued devices.
Amazon said in a memo asking employees to remove the app was initially sent in error, an Amazon spokesperson told media sources.
TikTok created the Chinese company ByteDance, has grown in popularity over the last several years, especially among younger users. The US has been increasingly distancing itself from Chinese technology companies, such as Huawei, for fears that using their products would offer inroads to spying. The US also cited alleged Chinese hacking, issuing indictments against members of the Chinese military. It has also drawn the anger of some lawmakers and officials in Washington, DC, who are concerned about whether data collected by the app is shared or transferred to the Chinese government. Researchers have noted that they have found a range of vulnerabilities, including the ability to send TikTok users malicious links, view sensitive account data, and even delete or add content to a user's account.
Friends sharing or posting TikTok videos are having fun, but as some have experienced, there is often a trade-off between sharing entertaining video clips to protecting privacy. Research shows the risks associated with one of the most popular and widely used social apps in the world. One of TikTok's vulnerabilities was surprisingly simple. Its main website allowed users to send an SMS to another user with a link to download the app.[1] By capturing the HTTP traffic with a tool such as Burp Suite, it is possible to change out that link to a malicious domain. That is a compelling type of attack as the popularity of TikTok continues to grow. This security scrutiny has led some companies and government agencies to ban the app. As an example, in January of this year, the US Navy and Army banned military personnel from using the social media app on government-issued phones after the US Defense Department identified TikTok as having security risks.
A Wells Fargo spokesperson confirmed to researchers that it had asked employees to remove TikTok from company-issued devices, such as smartphones, earlier this month.
A spokesperson for TikTok could not be reached for comment. Previously, ByteDance announced it would separate TikTok from the rest of the firm and would store user data in the US rather than China. TikTok has also hired Kevin Mayer, a former top executive from Walt Disney, as its CEO and has released two "transparency reports," the latest published on 09 July 2020.
Beginning in January 2020, TikTok has faced more scrutiny from US lawmakers and the current administration officials who have raised concerns about the app.
That of what data is collected and what connections the parent company has to the Chinese government. Red Sky Alliance has reported numerous times that all companies are directly or indirectly connected to the Chinese government.
In March 2020, US Senators Josh Hawley of Missouri and Rick Scott of Florida introduced a bill that would ban federal employees from using TikTok on any government-issued devices. The legislation is pending in the US Senate Homeland Security and Governmental Affairs Committee.
In an interview earlier this month with US Secretary of State, he said that the current administration is "looking at" a ban on federal employees' who use TikTok because of concerns about Chinese use of the app for surveillance purposes as well as corporate ties to the Chinese government. The government has expressed similar concerns about the Chinese telecom equipment firms Huawei and ZTE.
More enterprises are issue warnings to their employees about potential cybersecurity threats posed by TikTok even if details about the alleged risks are murky.
Red Sky Alliance can provide both internal monitorings in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization.
For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Reporting: https://www.redskyalliance.org/
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/64265941
Twitter: https://twitter.com/redskyalliance
[1] https://www.cnn.com/2020/07/13/tech/tiktok-wells-fargo/index.html
Comments