ES File Explorer Vulnerability: 100 Million Users’ Data at Risk

Hugely popular, with more than 100 million downloads on the Google Play Store, the file manager ES File Explorer has suffered a major security breach, as noted by computer security expert Baptiste Robert, known under the pseudonym Elliot Alderson.

ES File Explorer is one of the most popular applications that provide access to the Android file system, and it even comes pre-installed on many devices. However, it has a big problem: it runs a virtual network file server for network access but leaves a network port open: 59777. Anyone on a computer on the same Wi-Fi network as a device that runs ES File Explorer (even if the application is not active at the time) can, with just a few simple commands, download anything stored on the phone, whether it is in internal memory or on external storage such as a microSD card.

This vulnerability was demonstrated by the security specialist Elliot Alderson, who posted a video clip on his Twitter account in which, within minutes, he downloads a photo from his Android phone without needing to enter a password or “crash” the phone’s security.

A flaw being resolved

“Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet on the target,” explains Elliot Alderson. This JSON packet, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim’s smartphone, be they photographs, a list of installed applications, videos or the address book.

The developers of the application eventually explained to the Android Police site that they had fixed the flaw: “We repaired the HTTP vulnerability and released the patch. We are now waiting for Google to validate the new version.”
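
For defenders, the exposure described above (an HTTP server on TCP port 59777 reachable from other machines on the same Wi-Fi network) can be looked for in network flow logs. The following Python is an added example, not code from the article or from ES File Explorer; the flow-record format, the sample records and the 192.168.1.0/24 range are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

ES_HTTP_PORT = 59777  # port named in the article

# Constructed sample flow records (not real traffic). Assumed format:
# time,proto,src_ip,dst_ip,dst_port,bytes_to_client
SAMPLE_FLOWS = """\
2024-01-01T10:00:01,tcp,192.168.1.23,192.168.1.40,59777,412
2024-01-01T10:00:04,tcp,192.168.1.23,192.168.1.40,59777,2483110
2024-01-01T10:00:09,tcp,192.168.1.23,192.168.1.41,59777,0
2024-01-01T10:01:00,tcp,192.168.1.40,203.0.113.10,443,18822
2024-01-01T10:01:30,udp,192.168.1.55,192.168.1.40,59777,0
2024-01-01T10:02:00,tcp,192.168.1.40,192.168.1.40,59777,120
"""


def find_port_59777_access(flow_csv, lan="192.168.1.0/24"):
    """Summarise, per (client, device) pair, LAN connections to TCP 59777."""
    net = ipaddress.ip_network(lan)
    hits = defaultdict(lambda: {"connections": 0, "bytes_to_client": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        _time, proto, src, dst, port, nbytes = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # unparsable address or number
        if proto != "tcp" or port != ES_HTTP_PORT:
            continue
        # Article's scenario: a different machine on the same Wi-Fi network.
        if src_ip == dst_ip or src_ip not in net or dst_ip not in net:
            continue
        entry = hits[(src, dst)]
        entry["connections"] += 1
        entry["bytes_to_client"] += nbytes
    # Largest transfers first: these are the likeliest file downloads.
    return sorted(
        ({"client": c, "device": d, **v} for (c, d), v in hits.items()),
        key=lambda h: h["bytes_to_client"],
        reverse=True,
    )


if __name__ == "__main__":
    for hit in find_port_59777_access(SAMPLE_FLOWS):
        print(hit)
```
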

Izaan Zubair