
A popular Google Messages replacement exposed private user data


The GO SMS Pro messaging app has more than 100 million users.

Security researchers at the firm Trustwave found that the app was carelessly exposing user data by uploading files shared on the app to a public URL.

The leak exposed private photos, financial transaction details and private messages, all sent as part of SMS conversations, on the web.

Given enough time, an attacker could guess an attachment URL, which follows a hexadecimal sequence, and view its contents.

To understand the vulnerability, readers must note that this app allows users to share files with anyone, regardless of whether the recipient has the app.

The private media files sent by users to contacts who don't have the app installed on their devices can be accessed from the app's servers using a shortened URL which redirects to a content delivery network (CDN) server GO SMS Pro uses to store all shared files. This link lets the recipient view the media file using a Web browser.
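As an added illustration (not code from GO SMS Pro or Trustwave), the sketch below contrasts share-link identifiers issued in a hexadecimal sequence, as described above, with random, expiring, signed links. All names, the starting value and the signing scheme are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-service signing key


class SequentialIds:
    """Weak pattern: every upload receives the next hexadecimal value."""

    def __init__(self, start=0x1A2B3C):  # constructed starting value
        self._next = start

    def new_id(self):
        value = self._next
        self._next += 1
        return format(value, "x")


def neighbours_predictable(id_a, id_b):
    """True when two consecutively issued hex IDs differ by exactly one."""
    return int(id_b, 16) - int(id_a, 16) == 1


def _sign(file_id, expires):
    # The MAC binds the expiry to the ID so neither can be altered alone.
    msg = f"{file_id}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(ttl_seconds, now=None):
    """Hardened pattern: 128-bit random ID plus a signed expiry time."""
    now = int(time.time()) if now is None else now
    file_id = secrets.token_hex(16)  # drawn from the OS CSPRNG
    expires = now + ttl_seconds
    return file_id, expires, _sign(file_id, expires)


def verify_link(file_id, expires, signature, now=None):
    """Serve the file only if the link is unexpired and the MAC matches."""
    now = int(time.time()) if now is None else now
    if now > expires:
        return False
    return hmac.compare_digest(_sign(file_id, expires), signature)
```

With the sequential allocator, knowing one link reveals its neighbours; with the second scheme, a link carries no information about any other upload and stops working after its expiry.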


Trustwave shared its findings with TechCrunch this week. They were able to view private images like a screenshot with bank information, an order confirmation with a home address and an arrest record. Worse, the app maker has done nothing to fix the bug.

Trustwave disclosed the vulnerability 90 days after contacting the app's developer on August 18 and after receiving no reply to three other emails sent in September, October, and earlier this week, in November. "However, a random picture of a sunset will likely not be easily traced back to a person," said Karl Sigler, senior security research manager at SpiderLabs. An attacker can leverage this technique to generate a list of URLs and steal user data without the users' knowledge. Even after being informed about the flaw, the developer had done nothing to fix the bug.

It's likely that the flaw impacts the iOS version of GO SMS Pro as well, but until there's a fix in place, it is highly recommended to avoid sending media files using the affected messenger app.

You might think that WhatsApp is pretty much the only messaging option that anyone ever ends up using, but the fact of the matter is that there are a lot of other options out there.

This hasn't been the only data leak that became a security nightmare for millions of people this year. However, an email sent to one address bounced back with a message that the inbox was full, while another email was received but wasn't responded to, and a follow-up was not even opened.


