Go SMS Pro is leaking confidential messages, exposing data from millions of users

The popular Go SMS Pro messaging app is leaking sensitive media exchanged between app users, according to research by Trustwave. Exposed user media include private voice messages, video messages, and photos. The issue was first reported by TechCrunch, which verified Trustwave’s research. While viewing links shared through the Go SMS Pro app, TechCrunch found a person’s phone number, a screenshot of a bank transfer, an order confirmation that included a home address, an arrest record, and explicit photos.

According to the report, Trustwave researchers discovered the flaws in the Go SMS Pro app in August and advised the app maker to fix them. However, even after the standard 90-day time frame from August 18, 2020 to fix the problem, the app maker “has done nothing to fix the error.” After the deadline passed, the researchers disclosed the app’s flaws publicly.

Go SMS Pro is said to have 100 million downloads on the Google Play Store and was found to publicly expose media transferred between app users.

Recipients who do not have the app reportedly receive a URL via SMS when a message is sent to them using the app. They have to click this URL to access the message, which opens in a browser. According to research by SpiderLabs, anyone who had the URL could open it, without authentication or authorization, and gain access to sensitive media shared between users.

The investigation further indicated that the URL was sequential (hexadecimal) and predictable, and that when media files were shared, a link was generated regardless of whether the recipient had the application.
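The design flaw described above, next to one way a share service could avoid it. This is an added illustration, not code from Trustwave, TechCrunch or the app; the key handling, the `media_id` and `recipient` values, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import itertools
import secrets
import time

# Assumption: a server-side signing key, loaded from a secret store in practice.
SERVER_KEY = secrets.token_bytes(32)

# Weak pattern from the article: link IDs are a hex counter, so each one
# follows from the last. The starting value is constructed for the example.
_counter = itertools.count(0x1A2B3C)

def weak_share_id():
    return format(next(_counter), "x")

def _tag(handle, media_id, recipient, expires):
    # NUL-separated fields so no field can be confused with its neighbour.
    msg = "\x00".join([handle, media_id, recipient, str(expires)]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_share_token(media_id, recipient, ttl_s=86400, now=None):
    """Hardened link: 128-bit random handle, bound by HMAC to one media
    item, one recipient identity and an expiry time."""
    issued = time.time() if now is None else now
    expires = int(issued + ttl_s)
    handle = secrets.token_urlsafe(16)  # CSPRNG output, not a counter
    return f"{handle}.{expires}.{_tag(handle, media_id, recipient, expires)}"

def verify_share_token(token, media_id, recipient, now=None):
    """Server-side check before serving media. `recipient` is the identity
    the server has authenticated for the requester (assumption)."""
    current = time.time() if now is None else now
    try:
        handle, expires, tag = token.split(".")
        expires_i = int(expires)
    except ValueError:
        return False  # malformed token
    expected = _tag(handle, media_id, recipient, expires_i)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # forged, or issued for another item or recipient
    return current < expires_i  # reject expired links
```

With this scheme, holding one valid link says nothing about any other link, and a link presented by anyone other than its intended recipient, or after its expiry, is refused.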

“As a result, a malicious user could access any multimedia file sent through this service and also any that is sent in the future. This obviously affects the confidentiality of multimedia content sent through this application,” the investigation notes. The investigation also warns users to avoid sending private media files that may contain sensitive data until the vendor acknowledges and fixes the vulnerability.

“An attacker can create scripts that could launch a wide network through all the media files stored in the cloud instance,” Karl Sigler, senior manager of security research at Trustwave, told TechCrunch.
