Especially popular and downloaded more than 100 million times on the Google Play Store, the file explorer ES File Explorer has experienced a major security breach as noted by computer security expert Baptiste Robert, known under the pseudonym d Elliot Alderson.

ES File Explorer is one of the most popular applications that provides access to the Android file system and even comes pre-installed on many devices. However, this has a big problem: it does a virtual network file server for network access but leaves an open network port: 59777. If someone else is on a computer on the same Wi-Fi network with a device that runs ES File Explorer (even if the application is not active at this time) with just a few simple commands can download anything stored on your phone, whether it’s internal memory or external storage, like a microSD card.

This vulnerability has been demonstrated by a security specialist, Elliot Alderson, who posted on his Twitter account a video clip in which in minutes he downloads a photo from his Android phone without the need to enter a password or “crash “Phone security.

A flaw being resolved

“Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet on the target, “ explains Elliot Alderson. This JSON package, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim’s smartphone, be they photographs, a list of installed applications, videos or your notebook. addresses.

The developers of the application eventually explained to the Android Police site that they had fixed the flaw: [penci_blockquote style=”style-3″ align=”none” author=””]”We repaired the http vulnerability and released the patch. We are now waiting for Google to validate the new version.”[/penci_blockquote]

Izaan Zubair
Izaan's inquisitive in technology drove him to launch his website Tech Lapse. He usually writes pieces on emerging technology, anime, programming and alike niches. He can be reached at [email protected]
0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments

You may also like

More in:Apps