
ES File Explorer Vulnerability: 100 Million Users' Data at Risk

Downloaded more than 100 million times on the Google Play Store, the popular file manager ES File Explorer has a major security flaw, as reported by computer security expert Baptiste Robert, known under the pseudonym Elliot Alderson.

ES File Explorer is one of the most popular applications for browsing the Android file system and even comes pre-installed on many devices. However, it has a big problem: it runs a file server for network access and leaves a network port open: 59777. Anyone on a computer on the same Wi-Fi network as a device running ES File Explorer (even if the application is not active at the time) can, with just a few simple commands, download anything stored on the phone, whether in internal memory or on external storage such as a microSD card.

This vulnerability was demonstrated by Elliot Alderson, who posted a video clip on his Twitter account in which, within minutes, he downloads a photo from his Android phone without needing to enter a password or "crash" the phone's security.

A flaw being resolved

“Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet on the target,” explains Elliot Alderson. This JSON packet, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim’s smartphone, be they photographs, a list of installed applications, videos or the address book.

The developers of the application eventually explained to the Android Police site that they had fixed the flaw:

“We repaired the http vulnerability and released the patch. We are now waiting for Google to validate the new version.”
