- The Go SMS Pro app exposes non-public photographs, movies, and different recordsdata of tens of millions of customers.
- Security researchers discovered the flaw again in August.
- The app maker has not but responded to the findings or taken any steps to repair it.
When it involves third-party messaging apps for Android, Go SMS Pro is among the hottest ones on the market. It has over 100 million installs as per its Google Play Store itemizing and markets itself because the primary platform to exchange Android’s inventory messaging app. Unfortunately for its customers, safety researchers have found a significant safety flaw within the app.
TechCrunch has printed a report based mostly on analysis performed by Trustwave, revealing that tens of millions of Go SMS Pro customers are weak to file theft.
The app permits customers to share photographs, movies, and different recordsdata within the type of an internet tackle in order that those that don’t even have the app can entry the recordsdata simply with the assistance of the hyperlink. Security researchers at Trustwave found that these hyperlinks are sequential. This implies that anybody who is aware of one net tackle can predict others and entry recordsdata saved in them with out correct consent.
Moreover, “An attacker can create scripts that would throw a large internet throughout all of the media recordsdata saved within the cloud occasion,” Karl Sigler, Senior Security Research Manager at Trustwave instructed TechCrunch.
The weak point was found on model 7.91 of the Go SMS Pro app. It is at present on model 7.93, with the newest replace having rolled out on November 18. However, Trustwave believes that the vulnerability probably impacts earlier and probably future variations as effectively. TechCrunch additionally independently verified Trustwave’s findings.
The safety agency shared its discovering with the app maker in August and gave it 90 days to repair the difficulty, as is commonplace observe within the trade. But after the deadline expired and not using a response, the researchers made their findings public.
So for those who’re utilizing Go SMS Pro proper now, likelihood is you’re nonetheless affected. You may need to think about making a change to a different messaging app until the flaw is mounted. We’ll replace this text if the app maker ever responds to or takes motion on the difficulty.
Read subsequent: The finest messenger apps for Android