Apps Mobile

ES File Explorer Vulnerability: 100 Million User’s Data At Risk

Especially popular and downloaded more than 100 million times on the Google Play Store, the file explorer ES File Explorer has experienced a major security breach as noted by computer security expert Baptiste Robert, known under the pseudonym d Elliot Alderson.

ES File Explorer is one of the most popular applications that provides access to the Android file system and even comes pre-installed on many devices. However, this has a big problem: it does a virtual network file server for network access but leaves an open network port: 59777. If someone else is on a computer on the same Wi-Fi network with a device that runs ES File Explorer (even if the application is not active at this time) with just a few simple commands can download anything stored on your phone, whether it’s internal memory or external storage, like a microSD card.

This vulnerability has been demonstrated by a security specialist, Elliot Alderson, who posted on his Twitter account a video clip in which in minutes he downloads a photo from his Android phone without the need to enter a password or “crash “Phone security.

A flaw being resolved

“Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet on the target, “ explains Elliot Alderson. This JSON package, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim’s smartphone, be they photographs, a list of installed applications, videos or your notebook. addresses.

The developers of the application eventually explained to the Android Police site that they had fixed the flaw:

“We repaired the http vulnerability and released the patch. We are now waiting for Google to validate the new version.”

Related posts

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Subscribe To Newsletter
Be the first to get latest updates and exclusive content straight to your email inbox.
Stay Updated
Give it a try, you can unsubscribe anytime.