A serious security flaw has been discovered in the GO SMS application. The vulnerability makes content transmitted between users publicly accessible.
This includes personal voice and other messages as well as pictures. So far, the application developer has neither commented on the security gap nor fixed it. Security researchers discovered the vulnerability in GO SMS. It is currently unclear whether other video messages are also exposed.
With the application, which is available from the Play Store, users can send personal videos and pictures. If the recipient has GO SMS installed on their device, the media are displayed in the application. If the application is not installed on their device, they receive the media as a shortened link sent by SMS. By clicking on the link, the user can view the content in the browser.
“In v7.94, they are not blocking the ability to upload media in the app, but the media does not appear to go anywhere,” the researchers said. “The recipient does not receive any actual text either with or without attached media. So it appears they are in the process of trying to fix the root problem.”
Bug Allows Access To Shared Media Content
The experts found that the link can be accessed without authorization. This means that anyone who has the link, including an unauthorized attacker, can view the content.
By extending the SMS, it is also possible to display or listen to other media that have been shared between other users. An attacker can easily write a script and use it to create a list of content from GO SMS users. By pasting these into a tab extension in Google Chrome, it becomes trivial to access individual files sent by users of this application.
Although the experts say the vulnerability was reported to the application provider immediately after its discovery in August, they have not yet received a response. As a result, the vulnerability persists and poses a risk to users. The experts therefore recommend not sending personal files with this messenger application until the provider has responded and fixed the security gap.
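The root problem described above is a media link that the server honours for anyone who presents it. The following sketch is an added example, not GO SMS code, showing how a server could issue unguessable, expiring links bound to one recipient and check them on every fetch. The names SIGNING_KEY, LINK_TTL_SECONDS, issue_link and authorize_fetch are hypothetical, and it assumes the server has already verified the requester's identity (for example with a code sent to their phone).

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Assumption: a server-side secret that is never shipped inside the app.
SIGNING_KEY = secrets.token_bytes(32)
LINK_TTL_SECONDS = 24 * 3600  # constructed policy value: links live one day


def _sign(media_id: str, recipient: str, expires: int) -> str:
    """HMAC over every field the server later relies on."""
    msg = f"{media_id}|{recipient}|{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(recipient: str, now: Optional[int] = None) -> dict:
    """Create a random media id and a signed link bound to one recipient."""
    now = int(time.time()) if now is None else now
    media_id = secrets.token_urlsafe(16)  # 128 random bits, unrelated to other ids
    expires = now + LINK_TTL_SECONDS
    return {"media_id": media_id, "recipient": recipient, "expires": expires,
            "sig": _sign(media_id, recipient, expires)}


def authorize_fetch(link: dict, requester: str,
                    now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether an already-identified requester may fetch the media."""
    now = int(time.time()) if now is None else now
    expected = _sign(link["media_id"], link["recipient"], link["expires"])
    supplied = str(link.get("sig", ""))
    # Constant-time comparison; any edited field changes the expected value.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    if now > int(link["expires"]):
        return False, "expired"
    if requester != link["recipient"]:
        return False, "wrong recipient"
    return True, "ok"


if __name__ == "__main__":
    link = issue_link("+15550100")  # constructed sample recipient
    print(authorize_fetch(link, "+15550100"))
    print(authorize_fetch(link, "+15550199"))
```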