Android app with over 100 million downloads found exposing messages.
Play store has stated that the Go SMS Pro app is one of the widely used android application with 100 million users. A flaw has been found in the app based on the most sensitive part of any messaging app is that it exposes the transmitted messages between users comprising of texts, voice notes, photos, and videos.
The flaw is exploited by the hackers using a link that the app shares between one of its users and non-users. The message sent between them is forwarded as a link that can be accessed by anyone. The media sharing is also done in a similar link sharing way.
Using this, attackers could pretty easily generate different URLs in order to access the data of others. Furthermore, once this data is accessed, it could be used to blackmail victims and even conduct further attacks on them involving social engineering.
These shared links of messages and media can be used by hackers to target the huge user base of the app. Hackers having access to personal messages and data can originate a severe security threat for the users.
NPAV recommends users to stop using the Go Pro messaging app as it has not yet been patched. Researchers have informed the organization about the flaw and are currently waiting for their security patch.
Install NPAV on your devices to keep them protected from all kinds of cyberattacks. Use NPAV and join us on a mission to secure the cyber world.