Android users have been asked to avoid a bad app with 100 million downloads in the Google Play Store.
U.S. Cyber Security Puffs warns in a new report that the Go SMS Pro messaging app exposes the personal photos and videos of its users due to a major security flaw.
The bugs were reported by the researchers to the app’s creators in August, who set a 90-day deadline to fix the problem.
After that date passed without asking again, the Chicago-based cyber company TrustWave team shared the results online.
A Website Describing the findings last week, researchers warned that the Go SMS Pro application would expose media files sent among users.
“This expression includes personal voice messages, video messages and photos,” they wrote.
“Any sensitive media shared between users of this Messenger application is at risk of being compromised by an unauthorized attacker or interested user.”
TrustWave said it found a flaw with the Go SMS Pro version 7.91, although it is believed that older and future versions will also be affected.
Like other messaging apps, Go SMS Pro – one of the most popular messaging apps on the Google Play Store – allows users to send files to each other.
However, unlike other apps, the Go SMS Pro user has a problem sending something to another Android user who does not have this application installed.
When this happens, Go SMS Pro creates a webpage that is shared via SMS with the receiver so they can see the file.
However, TrustWave researchers have found that these web addresses are easy to guess, especially as they are constantly being generated.
All a hacker has to do to access your files is to guess the URL attached to your files to view them without your permission.
“A malicious user may access any media files sent through this service and any media files sent in the future,” TrustWave said.
How to be safe from hackers
- Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus, and scan regularly to protect yourself from known malware threats.
- Use multi-factor authentication to minimize the impact of password compromises.
- Tell employees how to report suspicious phishing emails, make sure they are confident in doing so, and investigate their reports promptly and thoroughly.
- Set up security tracking capabilities so you can gather the data needed to analyze network intrusions
- Prevent and detect lateral movement in your company’s networks.
“This explicitly affects the confidentiality of the media content sent through this application.”
TrustWave said the elusive makers of the app have not responded to numerous emails sent by researchers since Aug. 18.
As a result, the vulnerability still exists and poses a risk to users. The app is still live on the Google Play Store.
TrustWave asked users of the app to refrain from sending media files that they would like to keep privately or contain sensitive data.
Hotmail below: Why does Outlook ask for my password?
The incredible Black Friday deal gets you an iPhone 11 for 26 a month
16-year-old Charlie de Amelio is the first person with 100 million dicto followers
Sky adds 40 images to Christmas – they look incredible on this typical TV
Sonos Beam reduced by 100 on Black Friday sales
Black Friday Kindle Deals: Where to Find the Best Price in 2020
In a bizarre nationwide phone bug, Americans mysteriously received texts from ‘dead husbands, friends and parents’.
Also, if you have an iPhone, you may need to upgrade to the new iOS 13.2.2 to increase your phone signal and app loading times.
Are you worried about cybercriminals? Let us know in the comments …
We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at [email protected]