Messaging App Go SMS Pro Exposed Millions of Users' Private Photos and Files
Go SMS Pro, one of the most popular messaging apps for Android, is exposing photos, videos and other files sent privately by its users. Worse, the app maker has done nothing to fix the bug. TechCrunch reports: Security researchers at Trustwave discovered the flaw in August and contacted the app maker with a 90-day deadline to fix the issue, as is standard practice in vulnerability disclosure to allow enough time for a fix. But after the deadline elapsed without hearing back, the researchers went public. Trustwave shared its findings with TechCrunch this week. When a Go SMS Pro user sends a photo, video or other file to someone who doesn't have the app installed, the app uploads the file to its servers, and lets the user share a web address by text message so the recipient can see the file without installing the app. But the researchers found that these web addresses were sequential. In fact, any time a file was shared -- even between app users -- a web address would be generated regardless. That meant anyone who knew about the predictable web address could have cycled through millions of different web addresses to users' files. Go SMS Pro has more than 100 million installs, according to its listing in Google Play.
from Slashdot https://ift.tt/3pNnxoO
Read more of this story at Slashdot.
from Slashdot https://ift.tt/3pNnxoO
Related Posts :
Rust is Strong, Creates a Trademark-Owning Foundation- Microsoft Removes Registry Tweak That Allowed Users To Permanently Disable Windows Defender
- Ailing Scientist Hopes to Become the World's First Cyborg
- Slick New 'Dream Chaser' Space Plane Set For Launch in 2021
- Anti-Piracy Outfit Hires VPN Expert To Help Track Down The Pirate Bay
0 Response to "Messaging App Go SMS Pro Exposed Millions of Users' Private Photos and Files"
Post a Comment