go-sms.com

A security hole that allowed files and photographs transferred on GO SMS Pro to be made public was recently found by Trustwave researchers.

The researchers described the problem and let the app's creator know what they had discovered. When a user transmits a file to someone who doesn't have the app installed, the software uploads the file to its servers and publishes a web address for the recipient to click on.

Unfortunately, the web addresses supplied by the app were sequentially numbered and simple to guess. Given enough time, a clever hacker or cybercriminal might guess the URL of an attachment and view its contents.

Trustwave shared its findings with TechCrunch. They were able to view private images like a screenshot with bank information, an order confirmation with a home address and an arrest record.

Source: https://www.komando.com/security-privacy/go-sms-pro-security-risk/765166/

TPRM report: https://scoringcyber.rankiteo.com/company/go-sms.com

{
  "id": "gos31012623",
  "linkid": "go-sms.com",
  "type": "Data Leak",
  "date": "12/2020",
  "severity": "85",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Communication',
                        'name': 'GO SMS Pro',
                        'type': 'Mobile Application'}],
 'attack_vector': 'Insecure Direct Object References',
 'data_breach': {'file_types_exposed': ['Images',
                                        'Screenshots',
                                        'Order confirmations',
                                        'Arrest records'],
                 'personally_identifiable_information': ['Bank information',
                                                         'Home address',
                                                         'Arrest record'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Private images',
                                              'Screenshot with bank '
                                              'information',
                                              'Order confirmation with home '
                                              'address',
                                              'Arrest record']},
 'description': 'A security hole in GO SMS Pro allowed files and photographs '
                'transferred on the app to be made public. The web addresses '
                'for these files were sequentially numbered and easy to guess, '
                'enabling potential access by hackers.',
 'impact': {'data_compromised': ['Private images',
                                 'Screenshot with bank information',
                                 'Order confirmation with home address',
                                 'Arrest record']},
 'initial_access_broker': {'entry_point': 'Sequentially numbered and guessable '
                                          'URLs'},
 'motivation': 'Unauthorized access to private data',
 'post_incident_analysis': {'root_causes': 'Sequentially numbered and '
                                           'guessable URLs'},
 'references': [{'source': 'TechCrunch'}],
 'threat_actor': 'Potential hackers or cybercriminals',
 'title': 'GO SMS Pro Security Vulnerability',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Sequentially numbered and guessable URLs'}