Go SMS Professional, a preferred messaging app for Android units, has been pulled from Google Play. The brand new improvement comes simply hours after a critical vulnerability was reported within the app that would permit anybody to entry images, movies, and different recordsdata despatched privately by its customers. Go SMS Professional builders had been knowledgeable concerning the flaw again in August. Nevertheless, no readability has been made on whether or not it has been patched but. The app had over 100 million downloads from Google Play earlier than its elimination.
Safety researchers at Singaporean cyber-security agency Trustwave discovered the flaw in Go SMS Professional that publicly exposes media recordsdata transferred between its customers. The app permits customers to ship media recordsdata akin to images and movies to others, identical to another messaging app. If the recipient does not have Go SMS Professional put in on their units, the media file is shared with them as a URL by way of common SMS. This hyperlink lets the recipient view the media file utilizing a Internet browser.
The researchers, as reported by TechCrunch, discovered that the hyperlinks despatched by means of Go SMS Professional had been sequential and may very well be predicted by somebody who is aware of the way it generates hyperlinks. Because of this a nasty actor might be capable to entry the recordsdata shared by any Go SMS Professional consumer by merely altering some elements of the URL generated by the app.
Trustwave researchers discovered the problem significantly on the Go SMS Professional model 7.91, although they talked about in a weblog publish that it was nonetheless in place. TechCrunch’s Zack Whittaker talked about in his report that after taking a look at a couple of dozen hyperlinks, he noticed an individual’s telephone quantity, a screenshot of a financial institution switch, and an order affirmation that included a person’s house tackle, amongst different particulars.
Go SMS Professional creator GOMO Apps was reached out by Trustwave researchers shortly after they found the flaw in August. Nevertheless, the Guangzhou-based firm did not reply and make sure whether or not the problem was mounted.
TechCrunch reported that it tried reaching out to the Go SMS Professional maker by emailing on two addresses linked to the app. Nevertheless, an electronic mail despatched to at least one tackle bounced again with a message that the inbox was full, whereas one other electronic mail was obtained however wasn’t responded and a follow-up was not even opened.
Devices 360 additionally despatched an electronic mail to GOMO Apps for touch upon the problem however did not obtain any response on the time of submitting this story.
The Go SMS Professional app is no longer available for obtain from Google Play. It might, nonetheless, nonetheless be there on hundreds of thousands of units the place it was put in earlier than its elimination. The app additionally seems to nonetheless be reside in some areas as a link for the US location was exhibiting its itemizing on Google Play, although it is not accessible in India.
That stated, in the event you’re among the many customers of Go SMS Professional, you must take into account switching to a unique app.
In 2020, will WhatsApp get the killer characteristic that each Indian is ready for? We mentioned this on Orbital, our weekly know-how podcast, which you’ll subscribe to by way of Apple Podcasts or RSS, download the episode, or simply hit the play button under.