Evening Washington
Saturday, May 21, 2022
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business
No Result
View All Result
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business
No Result
View All Result
Evening Washington
No Result
View All Result
Home TECH

Android app downloaded millions of times from Google Play Store has serious security flaws

admin by admin
November 24, 2020
in TECH
0
Android app downloaded millions of times from Google Play Store has serious security flaws
0
SHARES
7
VIEWS
Share on FacebookShare on Twitter

RELATED POSTS

Microsoft’s Windows 11 blue screen of death to become black

Think someone has hacked your iPhone to spy on you? Here’s how to check and protect yourself

Android users need to be aware of a serious security issue with a hugely popular Google Play Store app that’s been downloaded hundreds of millions of times. The Go SMS Pro app is a popular messaging service which has been downloaded by Android users more than 100million times from the Google Play Store. But security researchers have discovered a major vulnerability with the Android app that could expose private photos, videos and other files that have been sent by users.

And, according to a post by TechCrunch, the app’s makers have not fixed the issue despite being notified about in months ago.

In August security researchers from Singapore-based cybersecurity firm Trustwave discovered the flaw with Go SMS Pro and contacted the app makers about it.

Devs were given a 90-day deadline to close up the vulnerability before the security experts went public with their findings.

However, after this date passed without hearing back from the makers of the Android app Trustwave released details of their research.

In a post online, Trustwave said the flaw was discovered with Go SMS Pro version 7.91 – with older and future versions believed to be impacted too.

Like with other messaging apps, Go SMS Pro lets users of the programmes send private media such as photos, videos or files to one another.

However, the problem arises when someone using Go SMS Pro sends something to another Android user that doesn’t have this app installed.

When this happens, the media file is sent to the recipient as a URL instead of in the app – which allows the user receiving the file to click on a web link and open it in their browser.

However, researchers found these URLs were easy to predict as they were created sequentially.

So any nefarious party that knew how these URLs were created could easily tinker with them to access millions of different web addresses.

In their study online Trustwave said: “Accessing the link was possible without any authentication or authorisation, meaning that any user with the link is able to view the content.

“In addition, the URL link was sequential (hexadecimal) and predictable. Furthermore, when sharing media files, a link will be generated regardless of the recipient having the app installed.

“As a result, a malicious user could potentially access any media files sent via this service and also any that are sent in the future. This obviously impacts the confidentiality of media content sent via this application.”

While Karl Sigler, senior security research manager at Trustwave, told TechCrunch: “An attacker can create scripts that could throw a wide net across all the media files stored in the cloud instance”.

Trustwave said they have contacted the makers of the Go SMS Pro app multiple times since August 18 without receiving a response.

As a result, at the time of releasing their findings, Trustwave said the vulnerability still existed and presented a risk to users.

They advised anyone using the Go SMS Pro Android app against sending media files that they wished remained private or contained sensitive data until this issue was resolved.

SOURCE

Tags: AndroidGoogle Play
ShareTweetPin
admin

admin

Related Posts

Microsoft’s Windows 11 blue screen of death to become black

Microsoft’s Windows 11 blue screen of death to become black

by admin
July 2, 2021
0

Microsoft’s so-called blue screen of death (BSoD) will turn black in the new Windows 11 operating system, according to those...

Think someone has hacked your iPhone to spy on you? Here’s how to check and protect yourself

Think someone has hacked your iPhone to spy on you? Here’s how to check and protect yourself

by admin
June 1, 2021
0

QUESTION: Is there a way to tell if someone has hacked my iPhone and is spying on me? ANSWER: Apple has always...

Ransomware hack cripples United Health Services hospitals, facilities across the US

Ransomware hack cripples United Health Services hospitals, facilities across the US

by admin
October 19, 2020
0

A nationwide cyberattack has crippled operations at Universal Health Services, one of the nation’s l..

Save the Children? Extremist conspiracy movement QAnon fabricates pedophile claims against Biden as election looms

Save the Children? Extremist conspiracy movement QAnon fabricates pedophile claims against Biden as election looms

by admin
October 19, 2020
0

President Donald Trump recently shared a tweet with his 86 million followers that accused his Democr..

Microsoft 365 suffers outage across the US

Microsoft 365 suffers outage across the US

by admin
October 19, 2020
0

Microsoft 365 was down across the United States Monday evening, affecting users’ access to multiple ..

Next Post
Carlos Ghosn: UN experts tell Japan treatment of ex-Nissan boss ‘fundamentally unfair’

Carlos Ghosn: UN experts tell Japan treatment of ex-Nissan boss 'fundamentally unfair'

1% of farms operate 70% of world’s farmland

1% of farms operate 70% of world's farmland

Sport

Tokyo 2020: US sprinter Sha’Carri Richardson set to miss Olympic Games after positive cannabis test

Tokyo 2020: US sprinter Sha’Carri Richardson set to miss Olympic Games after positive cannabis test

July 2, 2021
Manchester United’s Ed Woodward got one day’s notice of Super League launch

Manchester United’s Ed Woodward got one day’s notice of Super League launch

April 23, 2021
  • 111 Followers
  • 81.4k Followers
  • 163k Subscribers
  • 650 Followers
  • 23.5k Followers

MOST VIEWED

Plugin Install : Popular Post Widget need JNews - View Counter to be installed

CATEGORY

  • Africa
  • Asia
  • Business
  • Europe
  • Fashion
  • Health
  • latest news
  • Sports
  • TECH
  • Uncategorized
  • USA News
  • World

SITE LINKS

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
  • Landing Page
  • All Features
  • Get JNews
  • Contact

© 2020 eveningwashington.com.

No Result
View All Result
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business

© 2020 eveningwashington.com.