Android messaging app with 100M users found exposing messages
Apps and websites are commonly found to have vulnerabilities that eventually get patched: the typical story in the cybersecurity world. In the latest such incident, a flaw has been found in GO SMS Pro, an Android messaging app with over 100 million installations.
The flaw affects the most sensitive part of any messaging app: it exposes the messages transmitted between users, including texts, voice notes, photos, and videos.
Discovered by researcher Richard Tan from Trustwave Security, the flaw is believed to have been present since the app’s version 7.91, released on February 18 earlier this year. Earlier and subsequent versions may include it as well, although this is not confirmed.
To see how the flaw works, we need to understand the messaging feature within the application.
To start with, when two GO SMS Pro users send each other a message, it is displayed to them right within the app, just as you would see a WhatsApp message. However, what happens when the recipient is not an app user?
In that case, the sender’s message is sent as a link to the recipient’s SIM. This is where the problem starts. That link can be accessed by anyone who gets hold of it, not just the person using the recipient’s SIM.
Using this, attackers could pretty easily generate different URLs in order to access other people's data without authorization. Furthermore, once this data is accessed, it could be used to blackmail victims and even to conduct further attacks on them involving social engineering.
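An added example (not code from GO SMS Pro or Trustwave) of how a server could issue share links that a third party cannot generate and that stop working after a set time. The function names, the key handling and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a server-side secret that never ships inside the app.
SERVER_KEY = secrets.token_bytes(32)
LINK_TTL_SECONDS = 24 * 3600  # constructed policy value


def _sign(media_id: str, expires: int) -> str:
    """MAC over the ID and expiry so neither can be altered or invented."""
    msg = f"{media_id}.{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_link_token(now: Optional[int] = None) -> str:
    """Create the token for one uploaded message: random ID, expiry, MAC."""
    now = int(time.time()) if now is None else now
    media_id = secrets.token_urlsafe(16)  # 128 random bits, not a counter
    expires = now + LINK_TTL_SECONDS
    return f"{media_id}.{expires}.{_sign(media_id, expires)}"


def resolve_link_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the media ID if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return None  # malformed link
    media_id, expires, sig = parts[0], int(parts[1]), parts[2]
    expected = _sign(media_id, expires)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or altered link
    if now >= expires:
        return None  # stale link
    return media_id
```

A signed, expiring link still works for anyone who holds it until it lapses, so the lifetime should be kept short.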
To conclude, currently, the flaw has not been patched (so much for our typical cybersecurity story) but the researcher has contacted the GO SMS Pro team.
If you are a GO SMS Pro user, it may be wise to stop using the app until then. The same applies to the iOS version, which may also be affected, although we’re not sure. We’ll continue updating you on how the patching process goes.