- The Pass SMS Professional app exposes personal pictures, movies, and different recordsdata of tens of millions of customers.
- Safety researchers discovered the flaw again in August.
- The app maker has no longer but spoke back to the findings or taken any steps to mend it.
On the subject of third-party messaging apps for Android, Pass SMS Professional is among the most well liked ones in the market. It has over 100 million installs as according to its Google Play Retailer list and markets itself as the #1 platform to interchange Android’s inventory messaging app. Sadly for its customers, safety researchers have found out a significant safety flaw within the app.
TechCrunch has revealed a file in accordance with analysis carried out through Trustwave, revealing that tens of millions of Pass SMS Professional customers are liable to document robbery.
The app permits customers to percentage pictures, movies, and different recordsdata within the type of a internet deal with in order that those that don’t also have the app can get admission to the recordsdata simply with the assistance of the hyperlink. Safety researchers at Trustwave found out that those hyperlinks are sequential. Because of this somebody who is aware of one internet deal with can are expecting others and get admission to recordsdata saved in them with out right kind consent.
Additionally, “An attacker can create scripts that would throw a large web throughout the entire media recordsdata saved within the cloud example,” Karl Sigler, Senior Safety Analysis Supervisor at Trustwave instructed TechCrunch.
The weak spot was once found out on model 7.91 of the Pass SMS Professional app. It’s these days on model 7.93, with the newest replace having rolled out on November 18. Then again, Trustwave believes that the vulnerability most likely impacts earlier and probably long run variations as smartly. TechCrunch additionally independently verified Trustwave’s findings.
The safety company shared its discovering with the app maker in August and gave it 90 days to mend the problem, as is usual follow within the business. However after the closing date expired and not using a reaction, the researchers made their findings public.
So if you happen to’re the use of Pass SMS Professional at this time, likelihood is that you’re nonetheless affected. You could wish to believe creating a transfer to every other messaging app until the flaw is fastened. We’ll replace this newsletter if the app maker ever responds to or takes motion at the factor.
Learn subsequent: The most efficient messenger apps for Android