Popular Android Messaging App Possesses Flaw That Exposes Private User Messages

You might think that WhatsApp is pretty much the only messaging option that anyone ever ends up using, but the fact of the matter is that there are a lot of other options out there. One major option is GO SMS Pro, a messaging app that has been downloaded over 100 million times which means that it’s certainly managed to attain a pretty significant level of success in the communication industry. However, the app has been revealed to possess a pretty serious flaw that has made it so that the multimedia that users share with one another through the app can become relatively easy to compromise.

Basically, the way it works is that you can send media files to contacts of yours that might not have the app installed. This would result in them receiving a text message, but since they don’t have the app they would have to access through a link that would be provided that would take them to a Content Delivery Network that stores this multimedia on behalf of the chatting app.

The problem with this is that these URLs are sequentially generated, which means that if you see one URL you would be able to guess what the others would be as well even though you have not received the message that the user who owns that multimedia had sent out to be people. As a result of the fact that this is the case, malicious actors may be able to very easily access this data without really having to put all that much effort into this sort of thing.

What’s truly concerning is that the security researchers over at Trustwave informed the chat app’s developer about this issue three months ago, but after not receiving a response to any of their numerous emails they decided to go public with this so that users can be informed and can avoid using this app or at the very least sharing any kind of multimedia through it. This is a pretty chilling reminder of how careful you need to be when it comes to the various apps you use.

Read next: Bug in Facebook Messenger’s Android App Caused Gross Privacy Violations Among Users
Previous Post Next Post