Go SMS Pro, a very popular SMS messaging application, has a serious drawback that allows almost anyone to view photos, videos or audio messages sent through it.
At stake is the data of millions of people
The Go SMS Pro app has been downloaded by over one hundred million users on their smartphones, making it one of the most popular messaging apps for Android smartphones.
One of the features of Go SMS Pro is that it sends photos, videos or other multimedia content to users who use another application to send and receive SMS messages in the form of a web connection. Clicking on the link allows the recipient to access the content.
But Trustwave information security experts found out a few days ago how Go SMS Pro actually handled such messages – very carelessly.
How to turn an old computer into a rocket with one tactical change
Everyone could see your private photos
When a user submits a photo, for example, it is uploaded to a server and given a web link to open it. The problem is that the URLs of the web links were consecutive. Anyone who changes the serial number in the application received in the SMS message can access the following photo or content on the server. And so on and so forth:
This potential misuse of personal data was not limited to Go SMS Pro users or those receiving their messages. Anyone who knows the form of a web connection can theoretically view all communications of all Go SMS Pro users.
At the well-known technology medium TechCrunch, before Trustwave sent the work to the public, they conducted a test and determined that the vulnerability was serious. By changing the serial numbers in the link, they gained access to confidential financial information, home addresses and many private (illustratively, they wrote) photographs.
List of applications to be deleted immediately
The application is still available, it has been updated, but it is not clear if the security hole is patched
Google responded to the Trustwave discovery by withdrawing the app from the Google Play Store. but can be reinstalled from Mondaybecause it has been updated. Whether the problem is resolved is not known, as the application developer did not respond to any questions from the media or a “Confidential Wave” warning.
He first reminded the developer of the Go SMS Pro app of a serious security hole that allowed the contents of the messages to be viewed in August and urged him to issue a correction immediately, but they fell on deaf ears.
We detect entities that offer “soft” loans during an epidemic
Huawei seems to have found a buyer for Honor
Nokia 5.3: Pretty much a smartphone for a very reasonable price
Huawei Mate 40 Pro: Impressive in many ways, but some are unlikely to fit in