- The Go SMS Professional app exposes non-public photographs, movies, and different recordsdata of tens of millions of customers.
- Safety researchers discovered the flaw again in August.
- The app maker has not but responded to the findings or taken any steps to repair it.
In relation to third-party messaging apps for Android, Go SMS Professional is likely one of the hottest ones on the market. It has over 100 million installs as per its Google Play Retailer itemizing and markets itself because the primary platform to interchange Android’s inventory messaging app. Sadly for its customers, safety researchers have found a significant safety flaw within the app.
TechCrunch has revealed a report primarily based on analysis performed by Trustwave, revealing that tens of millions of Go SMS Professional customers are susceptible to file theft.
The app permits customers to share photographs, movies, and different recordsdata within the type of an internet tackle in order that those that don’t even have the app can entry the recordsdata simply with the assistance of the hyperlink. Safety researchers at Trustwave found that these hyperlinks are sequential. Which means anybody who is aware of one net tackle can predict others and entry recordsdata saved in them with out correct consent.
Furthermore, “An attacker can create scripts that would throw a large internet throughout all of the media recordsdata saved within the cloud occasion,” Karl Sigler, Senior Safety Analysis Supervisor at Trustwave instructed TechCrunch.
The weak point was found on model 7.91 of the Go SMS Professional app. It’s presently on model 7.93, with the most recent replace having rolled out on November 18. Nonetheless, Trustwave believes that the vulnerability possible impacts earlier and doubtlessly future variations as nicely. TechCrunch additionally independently verified Trustwave’s findings.
The safety agency shared its discovering with the app maker in August and gave it 90 days to repair the difficulty, as is customary follow within the business. However after the deadline expired with no response, the researchers made their findings public.
So in case you’re utilizing Go SMS Professional proper now, chances are high you’re nonetheless affected. You would possibly need to contemplate making a swap to a different messaging app until the flaw is mounted. We’ll replace this text if the app maker ever responds to or takes motion on the difficulty.
Learn subsequent: The most effective messenger apps for Android