For those unaware, TikTok app is a popular video streaming platform with more than 800 million monthly users.
Public Wifi operators, Internet Service Providers, and intelligence agencies can collect this data without much effort.
They then used MITM methods to trick the TikTok app to believe that the fake server was legitimate.
Thus, it will blindly consume any content downloaded from it, the duo wrote.
The use of HTTP to transfer sensitive data has not gone extinct yet, unfortunately.
As demonstrated, HTTP opens the door for server impersonation and data manipulation.
However, this doesnt mean that a malicious actor couldnt use this method to cause damage.
He discovered that they transfer all of their data using HTTPS.
I just tested them all: Facebook, Instagram, YouTube, Twitter, Snapchat Mysk toldMashable.
They have ZERO HTTP traces.
They transfer all of their data using HTTPS.
Apple and Google both require all HTTP connections to use encrypted HTTPS.
However, it does allow developers to opt-out of HTTPS for backwards-compatibility as an exception.
To know more about how Mysk performed the TikTok hack, you could head to itswebsite.
source: www.techworm.net
