In this edited interview excerpt from a Bloomberg Technology report, Check Point Security Evangelist Micki Boland discusses a new U.S.-based ban on TikTok, shares security insider insights, and provides actionable data privacy tips.

As you know, select Texas universities have moved to block access to TikTok through campus wi-fi. What we’re hearing from users is that they don’t understand the risk. Is there a risk?

First, I want to say thank you so much for having me. At Check Point, we believe that everyone deserves the best cyber security. I would say that for end-users who are unsuspecting, and who really don’t understand the risk – yes, there is risk.

This is why we’re seeing organizations come together – agencies, enterprise, non-profits – who are actually doing a joint responsibility for risk. So we need to approach risk in such a way as to acknowledge both privacy and security.

We have privacy for data; for protected data, for end-user endpoints. Also for corporate assets. We have to protect our networks. People are riding our networks in order to get to these applications and our networks are vulnerable to attack by malicious actors and the threat of malware.

And then we have corporate assets and university assets, in this case, to protect. So it is a joint responsibility and we do need to help students understand the risks and to educate everyone.

In going back to basics, the argument is that ultimately, personnel in mainland China might be able to access the personal data of TikTok users in the United States. The proposed solution for TikTok is to house the data of U.S. users on Oracle servers based in the U.S. Is that an acceptable mitigation of risk, in your opinion?

I hate to speculate about that, but I will tell you that our Check Point research division has looked into that. In 2020, we were curious about whether or not TikTok was delivering consistent privacy and security. And we did find several vulnerabilities.

We actually found a way to kind of circumvent registration using a mobile device, enabling us to use SMS spoofing for registration. There were API vulnerabilities… What I’m saying is that we need to demand that organizations offering social media applications uphold a consistent security and privacy policy that we can actually address.

Compare TikTok to other virally growing social media companies of olde – How many vulnerabilities does it have vis-à-vis competitors?

Across the board, I’d refer to our research team for that. To their credit, TikTok did actually fix the vulnerabilities that the Check Point Research team presented to them. In 2021, we worked together, and Check Point helped TikTok pen test those vulnerabilities.

I think that from the standpoint of examining the attack surface, these applications are going viral. I think TikTok now has over a billion installs or downloads. In the U.S., there are now over a hundred million active users.

So, I think that we have to think that these social media platforms are going to be a huge, attractive attack surface for malicious actors.

We also have to take responsibility for our own personal data…

Yes, Micki, talk to us about that. If I can’t leave it up to TikTok, what do I do in order to protect myself?

If you go to an app store, and download social media applications, go read the details. What is their security policy? What is their privacy policy? What kind of data are they collecting on you? What kind of permissions are you granting to this application when you install it?

If you’re giving the application access to your camera, your microphone, your location, your calendar, and all of your contacts, this is probably too much information to share.

Then, you also have to read the fine print. What are they saying that they’re doing with the analytics being collected from you? And then, who do you trust? Ultimately, you have to have a certain level of trust in the application.

Any software can be exploited. It’s never going to be perfect.
