Especially popular and downloaded more than 100 million times on the Google Play Store, the file explorer ES File Explorer has experienced a major security breach as noted by computer security expert Baptiste Robert, known under the pseudonym d Elliot Alderson.
ES File Explorer is one of the most popular applications that provides access to the Android file system and even comes pre-installed on many devices. However, this has a big problem: it does a virtual network file server for network access but leaves an open network port: 59777. If someone else is on a computer on the same Wi-Fi network with a device that runs ES File Explorer (even if the application is not active at this time) with just a few simple commands can download anything stored on your phone, whether it’s internal memory or external storage, like a microSD card.
This vulnerability has been demonstrated by a security specialist, Elliot Alderson, who posted on his Twitter account a video clip in which in minutes he downloads a photo from his Android phone without the need to enter a password or “crash “Phone security.
A flaw being resolved
“Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet on the target, “ explains Elliot Alderson. This JSON package, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim’s smartphone, be they photographs, a list of installed applications, videos or your notebook. addresses.
The developers of the application eventually explained to the Android Police site that they had fixed the flaw:
“We repaired the http vulnerability and released the patch. We are now waiting for Google to validate the new version.”