(Updated Dec. 1, 2020 – Despite the app developer working on a fix for this security flaw for over two weeks, the app is still putting users’ personal messages at risk of exposure. We highly recommend deleting this app if it’s on your device.)
Data leaks are bad enough, but it officially becomes a security nightmare when one affects hundreds of millions of users.
Earlier this year, an unsecured server belonging to Microsoft exposed the data of more than 250 million users. This included email addresses that hackers and scammers could use for criminal activities.
A new data leak affects more than 100 million people who installed one of the most popular messaging apps around. Anyone who exchanged files on the app may have accidentally exposed their private data without knowing it.
Millions of GO SMS Pro users had their photos and files exposed
GO SMS Pro is one of Android’s most popular messaging apps — with more than 100 million installations according to its Google Play listing.
Researchers at Trustwave recently discovered a security flaw that allowed photos and files exchanged on GO SMS Pro to be publicly exposed.
In a new report, the researchers outlined the flaw and informed the app’s developer of their findings. When a user sends a file to someone without the app installed, the app uploads the file to its servers and shares a web address for the recipient to click on. Unfortunately, the web addresses shared by the app were numbered sequentially and easy to predict.
Given enough time, an intelligent hacker or cybercriminal could guess an attachment URL and view its contents.
Trustwave shared its findings with TechCrunch, which tested and confirmed the flaws itself. TechCrunch was able to view private images, such as a screenshot with bank information, an order confirmation with a home address and an arrest record.
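To show why sequentially numbered share links are predictable and what the corrected design looks like, here is an added Python example (not code from GO SMS Pro, Trustwave or this article). The class names, the in-memory store, the starting number and the seven-day expiry are assumptions made for illustration.

```python
import secrets
import time

class SequentialLinks:
    """Weak pattern from the report: each upload gets the next number."""
    def __init__(self, start=1000):  # constructed starting number
        self._next, self._files = start, {}

    def share(self, blob):
        link_id = str(self._next)  # the next upload simply gets the next number
        self._next += 1
        self._files[link_id] = blob
        return link_id

    def fetch(self, link_id):
        return self._files.get(link_id)  # anyone holding the number gets the file

class TokenLinks:
    """Hardened pattern: a random 256-bit token per upload, plus an expiry."""
    def __init__(self, ttl_seconds=7 * 24 * 3600):  # assumed lifetime
        self._ttl, self._files = ttl_seconds, {}

    def share(self, blob, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # drawn from the OS CSPRNG
        self._files[token] = (blob, now + self._ttl)
        return token

    def fetch(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._files.get(token)
        if entry is None or now >= entry[1]:
            self._files.pop(token, None)  # expired links stop resolving
            return None
        return entry[0]

def looks_sequential(link_ids):
    """Audit helper: True if issued IDs are integers that each step by 1."""
    try:
        nums = [int(i) for i in link_ids]
    except ValueError:
        return False  # non-numeric IDs cannot be counted through
    return len(nums) > 1 and all(b - a == 1 for a, b in zip(nums, nums[1:]))

if __name__ == "__main__":
    weak, strong = SequentialLinks(), TokenLinks()
    print(looks_sequential([weak.share(b"a"), weak.share(b"b")]))      # True
    print(looks_sequential([strong.share(b"a"), strong.share(b"b")]))  # False
```

A developer can run `looks_sequential` over the link IDs their own service has issued to check whether they fall into this pattern.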
As with most security flaw discoveries, Trustwave gave the app’s developer 90 days to come up with a fix. Time expired without a peep from the developers, which is why Trustwave went public with what it found.
In a nutshell, if you used the app to send files containing sensitive information to any non-users, the files could still be online for anyone to look at.
I use GO SMS Pro. What can I do to protect my information?
Unfortunately, there isn’t a fix that can protect files that have already been sent. We’d recommend that any active GO SMS Pro users stop using the app to send sensitive media files. In other words, act as if anything you send on the app is public.
In the meantime, if you’re looking for a secure messaging app you can use every day, there are plenty of encrypted options that protect your text and media files from exposure. All you’ll need to do is make sure the people you’re speaking with have the app installed, too.