The popular and inexpensive international texting app SMS touch has been found to send critical data in cleartext making the users susceptible to hackers.
Zscalers ThreatLabZ team discovered that SMS touch, which costs $1.99 in Google's Play Store and charges $.09 per text, sends both customer and SMS messages over a cleartext network leaving them open to interception by cybercriminals, said company researcher Viral Gandhi.
Because many users believe these texting networks are secure they use them to send sensitive information, all of which can be captured by an outsider. Gandhi said this is a growing problem as the number of companies who make this type of texting app is increasing.
“Even though SMS touch is a paid app, it fails to accommodate standard code security practices. Encryption is absolutely necessary to protect user information and to prevent privacy leakage,” he said, adding that Zscaler informed the app's developer and it intends to issue a patch in the coming months.
