Delete 'Go SMS Pro' From Your Android Now

Go SMS Pro leaks data

TechCrunch reported that it tried reaching out to the Go SMS Pro maker by emailing two addresses connected to the app. When both users have the app, Go SMS Pro sends media within the app itself.

What's truly concerning is that the security researchers at Trustwave informed the chat app's developer about this issue three months ago. After receiving no response to any of their numerous emails, they chose to go public so that users can be informed and can avoid using this app, or at the very least avoid sharing any kind of multimedia through it.

This data leak affects more than 100 million people who installed Go SMS Pro, one of the most popular messaging apps around.

"Security researchers at Trustwave discovered the flaw in August and contacted the app maker with a 90-day deadline to fix the issue, as is standard practice in vulnerability disclosure to allow enough time for a fix".

Specifically, by incrementing the sequential hexadecimal values in the URL (e.g., "https://gs.3g.cn/D/e3a6b4/w"), the flaw makes it possible to view or listen to media messages shared between other users.

There hasn't yet been a fix for the bug that would protect the files you have already sent.

After the reports came out, Google took no action other than removing the app from the Google Play Store.

Apart from leaking messages, it also leaked private photos, financial transaction details and private messages, all shared as part of SMS, on the web.

The flaw arises from the basic functioning of the application: when a user sends a multimedia message, the recipient can receive it without having the Go SMS Pro application installed. To understand the vulnerability, readers must note that this app allows users to share files with anyone, regardless of whether the recipient has the app.

Clicking that URL will show them the media file. They can also connect to your Instagram DMs if you update your Instagram app, and you have the option to encrypt your conversations.
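The weakness described above comes from link IDs that follow one another in sequence. The sketch below is an added example, not code from Go SMS Pro or Trustwave: an in-memory model (class names, starting counter and sample data are all constructed) that compares counter-based link IDs with 128-bit random tokens, using an audit check that counts how many IDs adjacent to one's own resolve to a stored file.

```python
import secrets

class SequentialStore:
    """Pattern the article describes: link IDs are consecutive hex values."""
    def __init__(self, start=0x10A000):       # constructed starting counter
        self._next, self.files = start, {}

    def share(self, blob):
        link_id = format(self._next, "x")
        self._next += 1
        self.files[link_id] = blob
        return link_id

class RandomTokenStore:
    """Hardened variant: each link ID is a 128-bit token from the OS CSPRNG."""
    def __init__(self):
        self.files = {}

    def share(self, blob):
        link_id = secrets.token_hex(16)        # 32 hex chars, 2**128 values
        self.files[link_id] = blob
        return link_id

def neighbours_resolving(store, own_id, span=8):
    """Audit check on your own store: starting from one ID a user legitimately
    holds, count how many numerically adjacent IDs map to another stored file."""
    n, width = int(own_id, 16), len(own_id)
    hits = 0
    for delta in range(-span, span + 1):
        if delta == 0 or n + delta < 0:
            continue
        candidate = format(n + delta, "0{}x".format(width))
        hits += candidate in store.files
    return hits

def demo():
    """Share 20 constructed files per store, then audit around the 11th ID."""
    results = {}
    for store in (SequentialStore(), RandomTokenStore()):
        ids = [store.share(("media-%d" % i).encode()) for i in range(20)]
        results[type(store).__name__] = neighbours_resolving(store, ids[10])
    return results

if __name__ == "__main__":
    print(demo())
```

An unguessable token only removes the ability to derive one link from another; anyone who holds the link can still open the file, so access checks and link expiry remain separate controls.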

"Here is another example where a mobile app user believes their photos and videos are protected and only accessible by intended recipients, while in reality they are left exposed", Josh Bohls, founder of secure content capture company Inkscreen LLC, told SiliconANGLE.

Trustwave researchers found the issue in Go SMS Pro version 7.91 specifically, though they mentioned in a blog post that it was still in place.
