Evening Washington
Friday, January 22, 2021
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business
No Result
View All Result
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business
No Result
View All Result
Evening Washington
No Result
View All Result
Home TECH

Android app downloaded millions of times from Google Play Store has serious security flaws

admin by admin
November 24, 2020
in TECH
0
Android app downloaded millions of times from Google Play Store has serious security flaws
0
SHARES
2
VIEWS
Share on FacebookShare on Twitter

RELATED POSTS

Ransomware hack cripples United Health Services hospitals, facilities across the US

Save the Children? Extremist conspiracy movement QAnon fabricates pedophile claims against Biden as election looms

Android users need to be aware of a serious security issue with a hugely popular Google Play Store app that’s been downloaded hundreds of millions of times. The Go SMS Pro app is a popular messaging service which has been downloaded by Android users more than 100million times from the Google Play Store. But security researchers have discovered a major vulnerability with the Android app that could expose private photos, videos and other files that have been sent by users.

And, according to a post by TechCrunch, the app’s makers have not fixed the issue despite being notified about in months ago.

In August security researchers from Singapore-based cybersecurity firm Trustwave discovered the flaw with Go SMS Pro and contacted the app makers about it.

Devs were given a 90-day deadline to close up the vulnerability before the security experts went public with their findings.

However, after this date passed without hearing back from the makers of the Android app Trustwave released details of their research.

In a post online, Trustwave said the flaw was discovered with Go SMS Pro version 7.91 – with older and future versions believed to be impacted too.

Like with other messaging apps, Go SMS Pro lets users of the programmes send private media such as photos, videos or files to one another.

However, the problem arises when someone using Go SMS Pro sends something to another Android user that doesn’t have this app installed.

When this happens, the media file is sent to the recipient as a URL instead of in the app – which allows the user receiving the file to click on a web link and open it in their browser.

However, researchers found these URLs were easy to predict as they were created sequentially.

So any nefarious party that knew how these URLs were created could easily tinker with them to access millions of different web addresses.

In their study online Trustwave said: “Accessing the link was possible without any authentication or authorisation, meaning that any user with the link is able to view the content.

“In addition, the URL link was sequential (hexadecimal) and predictable. Furthermore, when sharing media files, a link will be generated regardless of the recipient having the app installed.

“As a result, a malicious user could potentially access any media files sent via this service and also any that are sent in the future. This obviously impacts the confidentiality of media content sent via this application.”

While Karl Sigler, senior security research manager at Trustwave, told TechCrunch: “An attacker can create scripts that could throw a wide net across all the media files stored in the cloud instance”.

Trustwave said they have contacted the makers of the Go SMS Pro app multiple times since August 18 without receiving a response.

As a result, at the time of releasing their findings, Trustwave said the vulnerability still existed and presented a risk to users.

They advised anyone using the Go SMS Pro Android app against sending media files that they wished remained private or contained sensitive data until this issue was resolved.

SOURCE

Tags: AndroidGoogle Play
ShareTweetPin
admin

admin

Related Posts

Ransomware hack cripples United Health Services hospitals, facilities across the US

Ransomware hack cripples United Health Services hospitals, facilities across the US

by admin
October 19, 2020
0

A nationwide cyberattack has crippled operations at Universal Health Services, one of the nation’s l..

Save the Children? Extremist conspiracy movement QAnon fabricates pedophile claims against Biden as election looms

Save the Children? Extremist conspiracy movement QAnon fabricates pedophile claims against Biden as election looms

by admin
October 19, 2020
0

President Donald Trump recently shared a tweet with his 86 million followers that accused his Democr..

Microsoft 365 suffers outage across the US

Microsoft 365 suffers outage across the US

by admin
October 19, 2020
0

Microsoft 365 was down across the United States Monday evening, affecting users’ access to multiple ..

Trump or Biden: Who won the first presidential debate? Social media picked a winner

by admin
October 19, 2020
0

Social media was abuzz with reactions to Tuesday night’s political debate, and data suggests that Am..

First-ever auction of AI-created artwork set for Christie’s gavel

by webadmin
October 3, 2020
0

When we get out of the glass bottle of our ego and when we escape like the squirrels in the...

Next Post
Carlos Ghosn: UN experts tell Japan treatment of ex-Nissan boss ‘fundamentally unfair’

Carlos Ghosn: UN experts tell Japan treatment of ex-Nissan boss 'fundamentally unfair'

1% of farms operate 70% of world’s farmland

1% of farms operate 70% of world's farmland

Sport

Mets retaining Luis Rojas as manager

Mets retaining Luis Rojas as manager

November 24, 2020
Nets no longer focused on James Harden trade pursuit

Nets no longer focused on James Harden trade pursuit

November 24, 2020
  • 21.4M Fans
  • 79 Followers
  • 93.2k Subscribers
  • 657 Followers
  • 22.9k Followers

MOST VIEWED

  • ‘Amphan’ may bring first flood of year in Assam: CWC

    ‘Amphan’ may bring first flood of year in Assam: CWC

    0 shares
    Share 0 Tweet 0
  • Where to buy Bitcoin in the UK and how does it work

    0 shares
    Share 0 Tweet 0
  • Russia Scores Gold In Women’s Figure Skating, Leaving USA Ladies Without Medals

    0 shares
    Share 0 Tweet 0
  • Playboy Model Marisa Papen Arrested For Dragging Cross In Front Of Vatican While Naked

    0 shares
    Share 0 Tweet 0
  • Goth crocs with spikes and chains exist – and the internet kind of likes them

    0 shares
    Share 0 Tweet 0

CATEGORY

  • Africa
  • Asia
  • Business
  • Europe
  • Fashion
  • Health
  • latest news
  • Sports
  • TECH
  • Uncategorized
  • USA News
  • World

SITE LINKS

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
  • Landing Page
  • All Features
  • Get JNews
  • Contact

© 2020 eveningwashington.com.

No Result
View All Result
  • Africa
  • Asia
  • Europe
  • latest news
  • USA News
  • World
  • Other
    • TECH
    • Health
    • Fashion
    • Sports
    • Business

© 2020 eveningwashington.com.