 |
| Serious vulnerabilities in one of the most popular Android text messaging apps |
Security researchers have discovered that Go SMS Pro is a serious bug. It is one of the most popular messaging apps for Android offered by Google.
Trustwave researchers stated that the Go SMS Pro Android app vulnerability specifically exposed photos, videos, and other files sent by users. To make matters worse, the app maker did nothing to address the vulnerability.
Trustwave researchers discovered the vulnerability last August and contacted the app maker to set a 90-day deadline to resolve the issue. It is a common practice to expose the vulnerability to allow sufficient time to fix it. However, after the deadline, no response was received and the researchers announced the vulnerability.
Trustwave announced its results to TechCrunch this week.
The company stated that the app uploads files to their server and allows Go SMS Pro users to send images, videos or other files to people who do not have the app installed on their device, and users can share URLs via SMS. So that the recipient can view the file app without installing it. However, the researchers found that these URLs were persistent. This means that anyone who knows a predictable URL can search millions of different URLs from user files.
According to the Google Play app store listing, Go SMS Pro has been downloaded more than 100 million times.
TechCrunch examined the security firm's results and found the person's phone number from dozens of links and screenshots of bank transfers, order confirmation with the person's home address, records of arrests, etc.
Carl Siegler, director of security research at Trustwave, said that while it is impossible to target a specific user, all files sent with the app should be publicly available.