Saturday, January 16, 00:42

GO SMS Pro: The popular chat application exposes user messages

GO SMS Pro, a popular Android chat application with 100 million downloads, exposes private messages (mainly multimedia files) that users send to each other.


According to security researchers at Trustwave, the GO SMS Pro application has a vulnerability that third parties can use to gain access to private voice messages, videos and photos shared by users.

How are private messages exposed?

Private media files sent by users to contacts who have not installed the application on their devices may be exposed through the application's servers. This happens through a shortened URL that redirects to a content delivery network (CDN) server, which GO SMS Pro uses to store all sent files.

These shortened URLs are generated sequentially (with a hexadecimal counter) each time a file is shared between users and stored on the CDN server.


This allows anyone to see the private messages (files) that users of the application send to each other.
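The difference between a counter-based link ID and an unguessable one, shown as an added example that is not from the article or from GO SMS Pro's code. The class names, the starting counter value and the in-memory store are constructed for illustration.

```python
import secrets


class SequentialIssuer:
    """Weak scheme as the article describes it: a hexadecimal counter."""

    def __init__(self, start=0x1A2B00):  # constructed starting value
        self._next = start
        self.store = {}

    def issue(self, media):
        link_id = format(self._next, "x")
        self._next += 1
        self.store[link_id] = media
        return link_id


class RandomIssuer:
    """Hardened scheme (assumption): 128 bits from the OS CSPRNG per link."""

    def __init__(self):
        self.store = {}

    def issue(self, media):
        link_id = secrets.token_urlsafe(16)
        while link_id in self.store:  # collision is negligible; check anyway
            link_id = secrets.token_urlsafe(16)
        self.store[link_id] = media
        return link_id


def neighbours_resolving(issuer, known_id, window=10):
    """Predictability audit for an issuer you operate: given one ID a user
    legitimately holds, count how many numerically adjacent IDs resolve."""
    try:
        base = int(known_id, 16)
    except ValueError:
        return 0  # ID is not a number, so there is no "next" ID to derive
    candidates = (format(base + d, "x") for d in range(-window, window + 1) if d)
    return sum(1 for c in candidates if c in issuer.store)


def audit(n_files=100, window=10):
    """Issue n_files links with each scheme and audit one ID from the middle."""
    seq, rnd = SequentialIssuer(), RandomIssuer()
    seq_ids = [seq.issue(f"file-{i}") for i in range(n_files)]
    rnd_ids = [rnd.issue(f"file-{i}") for i in range(n_files)]
    mid = n_files // 2
    return (neighbours_resolving(seq, seq_ids[mid], window),
            neighbours_resolving(rnd, rnd_ids[mid], window))
```

An unguessable ID only removes the enumeration path; a link that must stay private still needs an authorization check or an expiry on the server side.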

Trustwave researchers said that it is very easy to create a simple script that would quickly generate a list of addresses associated with photos and videos sent via GO SMS Pro.

"By taking the generated URLs and pasting them into the multi-tab extension in Chrome or Firefox, you can easily access private (and possibly sensitive) media files sent by users of this application," they explained.

Trustwave decided to publicly disclose the vulnerability after trying to contact the application developer and receiving no response. The researchers contacted the developer on August 18, and after receiving no response to three other emails sent in September, October and earlier this week, decided to reveal the vulnerability.

Source: Bleeping Computer
