This messaging app exposes you online with all your personal information



[ad_1]

The Go SMS Pro messaging app, which has over 100 million installs in the Google Play Store, has a huge security flaw that allows people to access sensitive content sent using the app.

The worst part, however, is that the application manufacturer was notified of this issue months ago but did not make any updates to fix the problem.

What information can be accessed through the application?

“By examining just a few dozen links, we found a person’s phone number, a screenshot of a bank transfer, an order confirmation that included their home address, an arrest file, and explicit photos,” he says. Zack Whittaker, cybersecurity reporter at TechCrunch.

The process behind it goes like this: Go SMS Pro loads every media file sent over the internet and makes those files accessible with a URL, according to a Trustwave report.

When you send a message with multimedia content via Go SMS Pro, such as a photo or video, the application uploads the content to its servers, creates a URL that contains it, and sends that URL to the recipient.

If the recipient also has Go SMS Pro, the content is displayed directly in the message, but the application still uploads the file and continues to create that publicly accessible link on the internet.

The URL is a problem. No authentication is required to view the content of the link, which means that anyone can have access to its content.

And the URLs generated by the application have a sequential and predictable address, which means that anyone can find other files simply by changing the right parts of the URL.

Theoretically, you could also write a script to automatically generate sequential URLs, so you can quickly find and browse a lot of private content shared by people using Go SMS Pro.

What’s even worse is that the app developer didn’t respond to notifications, so it’s unclear if this vulnerability will ever be fixed. And the developer’s website listed on the Play Store list appears to be out of order.

So, if you’re using Go SMS Pro and don’t want the entire internet to have access to your data, you might want to look for another, more secure messaging app.



[ad_2]
Source link