The personal data of more than 100 million users of a messaging app was potentially put at risk by a vulnerability which exposed privately shared media content sent through the service, cybersecurity company Trustwave revealed.
In a blog, Trustwave said the vulnerability discovered in the GO SMS Pro service generated a link whenever someone sent a media file, letting anyone access the content without undergoing any authentication or authorisation processes first.
Trustwave added the links generated by the app were sequential and predictable, and as a result a “malicious user” would be able to access media files sent after obtaining the initial link.
While noting the weakness was discovered only on GO SMS Pro v7.91, Trustwave said it believed other versions of the app were likely to also be affected.
The company said it hadn’t received a response after multiple attempts to contact the developer since August, arguing the vulnerability still presented danger to users.Subscribe to our daily newsletter Back