Go SMS Pro, the favored immediate messaging Android app, has been pulled down from Google Play Store. At the second, Google has not supplied any official assertion over the app’s unavailability; nonetheless the event comes days after the Singaporean cyber-security agency Trustwave had claimed that Go SMS Pro posed severe safety threats that risked exposing personal photographs, movies, and different recordsdata exchanged by its customers. The safety researchers have additional acknowledged that the China-based messaging firm, Go SMS Pro was knowledgeable in regards to the safety flaw again in August. The Android app had over 100 million downloads from Google Play earlier than its removing.
As per a report TechCrunch, Trustwave after discovering the safety flaw had given Go SMS Pro a 90-day deadline to repair the problem, a regular follow between firms in vulnerability disclosure to permit sufficient time for a repair. But after the deadline elapsed with out listening to again, the safety researchers went public to make sure everybody’s safety. In a weblog publish, Trustwave says that the weak point appeared on Go SMS Pro Android v7.91, although it’s unclear whether or not different variations of the app carried the identical flaw. The safety firm explains that Go SMS Pro, like another messaging apps, allowed customers to alternate personal media recordsdata and messages. Additionally, customers with out the app may additionally obtain media recordsdata by way of a particular hyperlink, acquired by way of SMS.
However, the safety agency had discovered that accessing hyperlinks was attainable with none authentication or authorisation, which means that any dangerous actor with the hyperlink, can view the content material similar to private photographs or movies. Besides, the URL hyperlink was sequential (hexadecimal) and predictable, in different phrases, it was simple to intercept and hack. “When sharing media files, a link will be generated regardless of the recipient having the app installed. As a result, a malicious user could potentially access any media files sent via this service and also any that are sent in the future. This obviously impacts the confidentiality of media content sent via this application,” the safety firm added.
Tech Crunch report additionally added that the publication in a position to confirm the discovering by Trustwave. The firm by way of the decoded hyperlink had entry to a person’s cellphone quantity, financial institution transaction screenshot, an arrest report, and extra. As talked about, the Go SMS Pro app has been pulled down from Google Play Store, and the corporate has additionally not shared any particulars over the flaw that was identified again in August. Users who’re nonetheless utilizing the app on their Android smartphone are suggested to delete it till extra data from both Google or Go SMS Pro.