A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers.

The GO SMS Pro application is a popular messenger app with more than 100 million downloads from the Google Play store. Researchers at Trustwave SpiderLabs said that private voice messages, video messages and photos are all at risk of being compromised by a trivially exploitable flaw in version 7.91.

When a user sends a multimedia message, the recipient can receive it even if they don’t themselves have GO SMS Pro installed. In that case, the media file is sent to the recipient as a URL via SMS, so the person can click on the link to view the media file in a browser window.

“SpiderLabs found that accessing the link was possible without any authentication or authorization, meaning that any user with the link is able to view the content,” researchers explained in a Thursday posting.

In and of itself, this could be exploitable via a piece of SMS-parsing malware or a browser-based info-stealer. But the researchers also found that the URLs used for media are sequential and predictable. So, by predicting the next URL in the hexadecimal sequence, a malicious user could view any number of users’ media without consent.

A malicious user could “potentially access any media files sent via this service and also any that are sent in the future,” researchers noted.

A simple bash script could be used to generate a sample list of URLs using the predictable changes in the addresses, they added, which can simply be pasted into the multi-tab extension on Chrome or Firefox for easy viewing.

“By incrementing the value in the URL, it is possible to view or listen to other media messages shared between other users.”

The saving grace is that an attacker would not be able to link the media back to a specific user, unless the media file itself leaks a person’s identity.

“For instance, a profile picture can be searched for using reverse image search, a driver’s license image or legal documents will have personally identifiable information (PII) that can be used to tie the image to specific people, etc.,” Karl Sigler, senior security research manager at SpiderLabs, told Threatpost. “However, a random picture of a sunset will likely not be easily traced back to a person.”

It is nonetheless a concerning bug, Sigler added. He said that because an attacker can’t directly target specific users, “I wouldn’t consider this a critical severity…but the wide net that can be thrown around potentially sensitive data certainly justifies a high severity.”

This weakness was confirmed in GO SMS Pro v7.91, as mentioned - but the developer released a new version (v.7.93) on Wednesday.