GO SMS Pro Exposes Private Messages and Multimedia files Shared Between its Users

The GO SMS Pro application is a popular messenger app with over 100 million downloads and was discovered to openly expose media transferred between users of the app. This exposure includes private voice messages, video messages, and photos.

This implies any sensitive media shared between users of this messenger app is in danger of being compromised by an unauthenticated attacker or curious user.

This defect was discovered on GO SMS Pro v7.91. It is unclear which other versions are affected but this is probable to affect previous, future versions also.

At this point, if the recipient does not have the GO SMS Pro app installed, the media file is sent to the recipient as a URL through SMS. The user could then click on the link and look at the media file through a browser.

The vulnerability Found in GO SMS Pro App

SpiderLabs found that the app permits users to share files with anyone no matter the recipient having the app installed.  Accessing the link was also possible with none…

Exit mobile version