Go SMS Pro is vulnerable to a security flaw that allows access to photos, videos and other files of millions of users. The SMS app on Android has more than 100 million installations in the Play Store.
Trustwave security researchers discovered the vulnerability in August and it remains unsolved to this day. The researchers said they contacted the Go SMS Pro team and allowed 90 days to publicly share the details. This is the norm for security breaches. The deadline has expired, hence the publication of details.
A data exposure from Go SMS Pro users
When a user sends a file to someone who doesn’t have the application on their phone, the application sends the file to their servers. This allows the user to share an address so that the recipient can view the content without having to download Go SMS Pro. The problem is that the application generates an address every time, regardless of the recipient. And according to security researchers, the addresses are predictable. It is therefore “easy” for an attacker to discover them and access the files of millions of users.
Trustwave determines that a hacker can create a script that can detect the files stored in the Go SMS Pro cloud each time with the addresses. Security researchers add that they were able to access some user files. There were phone numbers, money transfer screen sensors, online order confirmations with postal addresses and much more.
Switch to an alternative application
Do you use Go SMS Pro as an app on your smartphone? Better to uninstall the app and find an alternative. There are several for once. In particular, there is the News from Google application. We can also quote Textra SMS, QKSMS or even Chomp SMS.