your shared files and photos are not safe

If you’re using Go SMS Pro, stop sending files, photos, and videos to your contacts. These transfers are not secure at all and are exposed to anyone.

Go SMS Pro

Go SMS is a very popular texting app, which notably had its heyday a few years ago when it offered a lot of themes and messed up features for Android users. Today, however, it is rather discouraged, especially since a severe security breach has just been revealed.

Attachments are not safe

As discovered in August by security researchers at Trustwave, when you send a photo, video or file from Go SMS Pro, the app takes care of sending it to a server while a link is sent to the recipient so that he can consult its content. Besides the obvious storage problem, the link in question is particularly vulnerable, since it turns out to be sequential.

Thus, once you have a link, it becomes very easy to change the components of the URL to navigate within the files of other users of the application. We tried it out ourselves and were able to browse through personal files of strangers, discovering selfies, animated GIFs, voicemail messages and even photos… very personal (TOO personal). TechCrunch, for his part, claims to have been able to find the screenshot a bank transfer, a delivery confirmation containing a personal address or a criminal record.

It is therefore impossible to target a specific person to view their private files, but everything that is sent therefore remains online and accessible to anyone by simply changing a few characters.

GO SMS have you

True to form, Trustwave immediately warned Go SMS of this security breach, giving them 90 days to react. However, the developer of the application with millions of downloads has not corrected this bug since. TechCrunch contacted the developers of the application to find out more, but did not receive a response to their requests.

Anyway, if you are using Go SMS, we advise you to opt for another private messaging app.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.