Go SMS Pro leaks private message files with unsecure URLs
Millions of GO SMS Pro users had their photos and files exposed
GO SMS Pro is one of Android’s most popular messaging apps — with more than 100 million installations according to its Google Play listing.
Your daily dose of tech smarts
Learn the tech tips and tricks only the pros know.
Email address
Enter your email address
SIGN ME UP
RELATED: Millions of records from free streaming service leaked on Dark Web
Researchers at Trustwave recently discovered a security flaw that allowed photos and files exchanged on GO SMS Pro to be publicly exposed.
In a new report, the researchers outlined the flaw and informed the app’s developer of their findings. When a user sends a file to someone without the app installed, the app uploads the file to its servers and shares a web address for the recipient to click on. Unfortunately, the web addresses shared by the app were numbered sequentially and easy to predict.
An intelligent hacker or cybercriminal could guess an attachment URL and see its contents with enough time.
Trustwave shared its findings with TechCrunch, which tested and confirmed the flaws themselves. They were able to view private images like a screenshot with bank information, an order confirmation with a home address and an arrest record.
As with most security flaw discoveries, Trustwave gave the app’s developer 90 days to come up with a fix. Time expired without a peep from the developers, which is why Trustwave went public with what it found.
In a nutshell, if you used the app to send files containing sensitive information to any non-users, the files could still be up in the air for anyone to look at.
I use GO SMS Pro. What can I do to protect my information?
Unfortunately, there isn’t a fix that can protect files that have already been sent. We’d recommend that any active GO SMS Pro users stop using the app to send sensitive media files. In other words, act as if anything you send on the app is public.
In the meantime, if you’re looking for a secure messaging app you can use every day, there are plenty of encrypted options that protect your text and media files from exposure. All you’ll need to do is make sure the people you’re speaking with have the app installed, too.
GO SMS Pro is one of Android’s most popular messaging apps — with more than 100 million installations according to its Google Play listing.
Your daily dose of tech smarts
Learn the tech tips and tricks only the pros know.
Email address
Enter your email address
SIGN ME UP
RELATED: Millions of records from free streaming service leaked on Dark Web
Researchers at Trustwave recently discovered a security flaw that allowed photos and files exchanged on GO SMS Pro to be publicly exposed.
In a new report, the researchers outlined the flaw and informed the app’s developer of their findings. When a user sends a file to someone without the app installed, the app uploads the file to its servers and shares a web address for the recipient to click on. Unfortunately, the web addresses shared by the app were numbered sequentially and easy to predict.
An intelligent hacker or cybercriminal could guess an attachment URL and see its contents with enough time.
Trustwave shared its findings with TechCrunch, which tested and confirmed the flaws themselves. They were able to view private images like a screenshot with bank information, an order confirmation with a home address and an arrest record.
As with most security flaw discoveries, Trustwave gave the app’s developer 90 days to come up with a fix. Time expired without a peep from the developers, which is why Trustwave went public with what it found.
In a nutshell, if you used the app to send files containing sensitive information to any non-users, the files could still be up in the air for anyone to look at.
I use GO SMS Pro. What can I do to protect my information?
Unfortunately, there isn’t a fix that can protect files that have already been sent. We’d recommend that any active GO SMS Pro users stop using the app to send sensitive media files. In other words, act as if anything you send on the app is public.
In the meantime, if you’re looking for a secure messaging app you can use every day, there are plenty of encrypted options that protect your text and media files from exposure. All you’ll need to do is make sure the people you’re speaking with have the app installed, too.
