Expert Comments

Experts Reacted On Android Chat App With 100 Million Installs Exposes Private Messages

Expert(s):
Expert(s):

In response to reports that GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users, experts from cybersecurity firms Inkscreen and KnowBe4 offer perspective. 

Experts Comments

Dot Your Expert Comments
Josh Bohls
November 20, 2020
Founder
Inkscreen

This false sense of security can be exploited both on personal accounts and in the enterprise.
Here is another example where a mobile app user believes their photos and videos are protected and only accessible by intended recipients, while in reality they are left exposed. This false sense of security can be exploited both on personal accounts and in the enterprise. Companies that do not provide secure managed solutions for employees to capture and share multimedia content will find themselves similarly exposed to liability and loss.
Erich Kron
November 20, 2020
Security Awareness Advocate
KnowBe4

Consumers should be aware that just because a lot of others are using the service, doesn’t mean that the service is secure or safe to use.
This is an example of the dangers of trusting third-party apps and a lesson in how not to respond to reported security issues. This vendor uses no authentication to ensure that only the intended recipients can receive the multimedia files. Instead, by using only a short, generated hex number to retrieve the file, they leave a huge number of people vulnerable to having private photos and data pilfered without their knowledge. More concerning is the thought that users may not even be aware of how .....Read More
This is an example of the dangers of trusting third-party apps and a lesson in how not to respond to reported security issues. This vendor uses no authentication to ensure that only the intended recipients can receive the multimedia files. Instead, by using only a short, generated hex number to retrieve the file, they leave a huge number of people vulnerable to having private photos and data pilfered without their knowledge. More concerning is the thought that users may not even be aware of how to, or even have the ability to, delete these files once stored on the application developers’ servers. Having notified the vendor over the course of three months, the security researchers followed a reasonable notification attempt before publicly disclosing the vulnerability. This is a tough call for researchers, especially when sensitive information is at risk, however, leaving the vulnerability in place and not informing potential users is also not acceptable. As more and more applications are available for mobile devices, this threat will continue to grow. Consumers should be aware that just because a lot of others are using the service, doesn’t mean that the service is secure or safe to use.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq