ANDROID users are encouraged to avoid dangerous apps that have been downloaded 100 million times on the Google Play store.
US cybersecurity enthusiasts warn in a new report that the Go SMS Pro messaging app exposes users’ private photos and videos due to a serious security flaw.
The bug was reported by researchers to the creator of the app in August, and researchers imposed a 90-day deadline to fix the issue.
After that date passed without a reply, a team from Chicago-based cyber firm Trustwave shared the results online.
so Blog post For more details on last week’s findings, researchers warned that Go SMS Pro publishes media files sent between users of the app.
“This exposure includes private voice messages, video messages, and photos,” they write.
“Confidential media shared between users of this messenger app is at risk of being compromised by unauthenticated attackers or curious users.”
According to Trustwave, this flaw was discovered in Go SMS Pro version 7.91, but older and future versions are also believed to be affected.
Like any other messaging app, GoSMS Pro, one of the most popular messaging apps on the Google Play store, allows users to send files to each other.
However, unlike other apps, problems occur when a Go SMS Pro user sends something to another Android user who does not have this app installed.
When this happens, Go SMS Pro creates a web page that is shared with the recipient via SMS, allowing the recipient to view the file.
However, Trustwave researchers have found that these web addresses are easy to guess, especially because they are created in sequence.
All a hacker needs to access a file is to anticipate the URL attached to the file and view the file without permission.
“Malicious users may have access to media files sent through this service and media files sent in the future,” said Trustwave.
How to protect yourself from hackers
- Protect your devices and networks by keeping them up to date. Use the latest supported version, use antivirus, and scan regularly to protect against known malware threats.
- Use multi-factor authentication to reduce the impact of password compromise.
- Tell staff how to report suspected phishing emails, give them confidence, and investigate reports quickly and thoroughly.
- Set up security monitoring to collect the data needed to analyze network intrusions
- Prevents and detects lateral movement in your organization’s network.
“This obviously affects the confidentiality of the media content sent through this application.”
According to Trustwave, the elusive maker of the app hasn’t responded to multiple emails sent by researchers since August 18.
As a result, vulnerabilities still exist and pose a risk to users. The app is still published on the Google Play store.
Trustwave urged app users not to send media files or media files containing sensitive data that they want to keep private until the issue is resolved.
Hotmail Down: Why does Outlook keep asking for passwords?
Incredible Black Friday deal to get iPhone 11 for just £ 26 / month
Charli D’Amelio, 16, is the first person with 100 million TikTok followers
Black Friday Kindle Deals: Where to Find the Lowest Prices for 2020
Sky adds 40 movies for Christmas – will look incredible on this popular TV
Sonos Beam Saves £ 100 on Black Friday Sale
The Americans mysteriously received text from “dead husbands, companions, parents” due to a strange national phone bug.
Also, if you have an iPhone, you’ll need to update to the new iOS 13.2.2 to increase phone signal and app load times.
Are you worried about cyber criminals? Let us know in the comments …
We pay for your story! Is there a story about the Sun Online Tech & Science team? Please email us at [email protected]