
Go SMS Pro is leaking confidential messages, data of millions of users exposed

23rd October 2021
"Sensitive media of users can easily be accessed by anyone without any authentication or authorisation."

Popular messaging app Go SMS Pro is leaking sensitive media exchanged between users of the app, according to research by Trustwave. The exposed media include private voice messages, video messages, and photos. The development was first reported by TechCrunch, which verified Trustwave’s research. TechCrunch found a person’s phone number, a screenshot of a bank transfer, an order confirmation including a home address, an arrest record, and explicit photos while viewing links shared through the Go SMS Pro app.

According to the report, Trustwave’s researchers discovered the flaw in the Go SMS Pro app in August and asked the app maker to fix it. However, even after the standard 90-day deadline, counted from August 18, 2020, the app maker "has done nothing to fix the bug." After the deadline, the researchers disclosed the flaw publicly.

Go SMS Pro is said to have 100 million downloads on the Google Play Store and was found to publicly expose media transferred between users of the app.
As per reports, when media was sent through the app to someone who did not have it installed, the recipient received a URL via SMS and had to click it to view the message in a browser. According to research by SpiderLabs, anybody who had the URL could open it and access the sensitive media shared between users, without any authentication or authorization.

The research further stated that the URL was sequential (hexadecimal) and predictable, and that when media files were shared, a link was generated regardless of whether the recipient had the app.
"As a result, a malicious user could potentially access any media files sent via this service and also any that are sent in the future. This obviously impacts the confidentiality of media content sent via this application," notes the research. The research further warns users to avoid sending private media files that may contain sensitive data until the vendor acknowledges and fixes the vulnerability.

"An attacker can create scripts that could throw a wide net across all the media files stored in the cloud instance," Karl Sigler, senior security research manager at Trustwave, told TechCrunch.
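The weakness described above, sequential hexadecimal link IDs served without any access check, is shown here next to one hardened design. This is an added example, not code from Go SMS Pro, Trustwave or the original article. The class names, the starting counter value, the 24-hour expiry and the already-authenticated `requester` identity are assumptions made for illustration.

```python
import secrets
import time

class SequentialLinks:
    """Weak scheme as reported: hex counter IDs, no access check (constructed model)."""
    def __init__(self, start=0x1A2B3C):  # constructed starting value
        self._next = start
        self._media = {}

    def share(self, media):
        link_id = format(self._next, "x")
        self._next += 1
        self._media[link_id] = media
        return link_id

    def fetch(self, link_id):
        return self._media.get(link_id)  # whoever presents the ID gets the file

class HardenedLinks:
    """Hypothetical fix: 128-bit random token, bound to one recipient, with expiry."""
    def __init__(self, ttl_seconds=24 * 3600):
        self._ttl = ttl_seconds
        self._media = {}  # token -> (media, recipient, expires_at)

    def share(self, media, recipient, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # 16 random bytes from the OS CSPRNG
        self._media[token] = (media, recipient, now + self._ttl)
        return token

    def fetch(self, token, requester, now=None):
        now = time.time() if now is None else now
        entry = self._media.get(token)
        if entry is None:
            return None
        media, recipient, expires_at = entry
        if now >= expires_at:
            del self._media[token]  # expired links stop resolving
            return None
        # Assumption: the server has already authenticated `requester`.
        return media if requester == recipient else None

def ids_are_sequential(first, second):
    """Audit check: are two consecutively issued IDs adjacent hex integers?"""
    try:
        return int(second, 16) - int(first, 16) == 1
    except ValueError:
        return False
```

Running `ids_are_sequential` over consecutively issued links in a test environment is a quick regression check that an identifier scheme has not fallen back to a counter.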

Source: indiatoday


Compiled by: Swekshya Rajbhandari

Nepal Telecommunications Authority (NTA) frames Byelaw for Cyber Security

30th August 2020
"NTA has framed and implemented a Byelaw for the implementation of internationally prevailing cyber security standards."

Nepal has always been an easy target for hackers around the world. Previously, the servers of mercantile and banks have been hacked by international hackers. The government servers and Data Centers are also at high risk. Thus, it has become essential to protect the information systems and communication technology infrastructure from various types of cyber attacks and risks by adopting various internationally prevailing standards of cyber security. The Government of Nepal is also conscious of the need for cyber security standards.

So, exercising the authority given by Section 62 of the Telecommunications Act, 2053 (1997), the Nepal Telecommunications Authority (NTA) has framed a Byelaw, the “Cyber Security Byelaw, 2077 (2020)”, and has implemented it right away. The Byelaw is intended to ensure cyber security standards that protect the ICT infrastructure and information systems of Nepal's telecommunication service providers from various malicious attacks and threats, and to build users' trust and confidence in ICT technology and services.

Accordingly, all telecommunication service providers licensed by the Nepal Telecommunications Authority (NTA), including basic telecommunication (telephone) providers, mobile operators, network service providers and internet service providers, have been informed that they must operate their services in conformance with the Byelaw.


Compiled by: Prativa Parajuli

China launches initiative for global data security issues

8th September 2020
"Foreign Minister Wang Yi announced the initiative in Beijing on Tuesday at a seminar on global digital governance."

China has launched an initiative to address global data security issues, a countermove to the U.S. “clean network” program that is aimed at discouraging other countries from using Chinese technology.

Foreign Minister Wang Yi announced the initiative in Beijing on Tuesday at a seminar on global digital governance.

He said mounting risks for cybersecurity threaten national security, public interests and personal rights.

The move comes amid a deterioration in U.S.-China relations encompassing trade tensions and competition in telecommunications and artificial intelligence technologies, with the U.S. accusing Chinese technology companies of threatening American national security.

“Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ networks and used security as a pretext to prey on enterprises of other countries who have a competitive edge,” Wang said, according to a transcript of his speech released by the ministry. “Such blatant acts of bullying must be opposed and rejected.”

Wang said that it was important to develop international rules on data security that will “reflect the will and respect the interests of all countries through broad-based participation.”

U.S. Secretary of State Mike Pompeo last month unveiled the “Clean Network” program, saying it is aimed at protecting citizens’ privacy and sensitive information from “malign actors, such as the Chinese Communist Party.”

More than 30 countries and territories such as Australia and Britain are participating in that initiative, which seeks to exclude Chinese telecommunications companies like Huawei and ZTE, as well as apps, cloud service providers and undersea cables from their internet networks.

The U.S. has expressed concerns over national security threats from services provided by Chinese technology companies like Huawei, Bytedance and Tencent.

Washington has dissuaded some U.S. allies from using Huawei’s technology in 5G networks, saying data potentially could be accessed by the Chinese government. Huawei vehemently denies that.

Washington also has imposed sanctions that restrict Huawei from procuring chips containing American technology. Recently, the U.S. also said it will ban Chinese company Bytedance’s popular TikTok video app in the country unless it finds an American buyer. It similarly labeled Tencent’s popular messaging app WeChat a national security threat.

The Chinese initiative opposes impairing critical infrastructure and theft of important data. It also opposes abusing technology to “conduct mass surveillance against other states,” the transcript said.

Companies should not “install backdoors in their products and services” to illegally obtain user data, and should “respect the sovereignty, jurisdiction, and governance of data in other states,” it says.

“The Chinese government has acted in strict compliance with data security principles. We have not and will not ask Chinese companies to transfer data overseas to the government in breach of other countries’ laws,” said Wang.

“Politicization of security issues, double standards and slandering others violate the basic norms governing international relations, and seriously disrupts and hampers global digital cooperation and development,” he said.

Source: AP


Compiled by: Kiran Shah

Zoom’s new security feature will let you stop ‘Zoombombers’ in their tracks

16th November 2020
"You can suspend meeting activities to halt disruptions"

Zoom will now let you temporarily pause meetings so you can kick out “Zoombombers” or disruptive individuals, the company announced in a blog post.

As Zoom usage skyrocketed during the pandemic, pranksters and hackers found ways to invade Zoom calls and display shocking videos and disruptive content, a practice that has become known as “Zoombombing.” With Zoom’s new security feature, you’ll be able to suspend a meeting to block bad content from being shown and also report the Zoombomber to Zoom.

To suspend a meeting, click the Security icon while on a call and then click “Suspend Participant Activities.” When you do, all video, audio, in-meeting chat, annotations, screen sharing, and recording will be suspended and all breakout rooms will end, which should shut down the Zoombomber’s activity. From there, Zoom will ask the host if they want to report a user, and if they do, that user will be ejected from the meeting, and Zoom’s security team will be notified.

Zoom says the new feature is being enabled by default for all free and paid users and is available on the Zoom clients for Mac, PC, and Linux, as well as Zoom’s mobile apps. I should note that I wasn’t able to see the feature on Zoom on my work MacBook Pro, but I suspect that’s due to my IT settings.

In April, Zoom announced a 90-day feature freeze to fix privacy and security issues on the platform that came to light following the massive surge in users relying on it during the pandemic. Many of Zoom’s resulting improvements, such as turning waiting rooms on by default for basic, single-license Pro, and education accounts, could help make it harder for Zoombombers to infiltrate meetings.

Source: theverge



Compiled by: Swekshya Rajbhandari