Go SMS Pro security vulnerability exposes private files of millions of users
- The Go SMS Pro app makes private photos, videos and other files available to millions of users.
- Security researchers found the bug back in August.
- The app maker has not yet responded to the results or taken steps to fix them.
When it comes to third-party messaging apps for Android, Go SMS Pro is one of the most popular out there. It has more than 100 million installs as per its Google Play Store list and is marketing itself as the number one platform to replace Android’s stock messaging app. Unfortunately for its users, security researchers have discovered a major vulnerability in the app.
TechCrunch released a report based on research conducted by Trustwave that shows that millions of Go SMS Pro users are vulnerable to data theft.
The app allows users to share photos, videos, and other files in the form of a web address, so those who don’t even have the app can easily access the files using the link. Trustwave security researchers found that these links are sequential. This means that anyone who knows a web address can predict others and access files stored in it without proper consent.
“An attacker can create scripts that can throw a wide network over all media files stored in the cloud instance,” said Karl Sigler, Senior Security Research Manager at Trustwave TechCrunch.
The vulnerability was discovered in version 7.91 of the Go SMS Pro app. It is currently in version 7.93. The latest update was released on November 18th. However, Trustwave believes that the vulnerability is likely to affect earlier and possibly future versions. TechCrunch Trustwave also independently verifies results.
The security firm shared its findings with the app maker in August and gave it 90 days to fix the problem, as is common in the industry. After the deadline passed with no response, the researchers published their results.
So if you are currently using Go SMS Pro, you are likely still affected. You may want to switch to a different messaging app until the error is resolved. We will update this article if the app maker ever responds to the problem or takes action.
continue reading: The best messenger apps for Android