• Home
  • Apps
  • Apps News
  • ES File Explorer Vulnerability Allows Access to Phone's Files From Local Network: Report

ES File Explorer Vulnerability Allows Access to Phone's Files From Local Network: Report

Share on Facebook Tweet Share Reddit Comment
ES File Explorer Vulnerability Allows Access to Phone's Files From Local Network: Report

ES File Explorer has over a hundred million downloads on Google Play

Highlights
  • The app needs to be run just once for this vulnerability to be active
  • All the vulnerable phone's files can be listed and downloaded
  • This affects ES File Explorer v4.1.9.7.4 and lower

ES File Explorer has been one of the most popular ways to navigate and manage your phone's storage. Though there are in build file managers in most modern Android devices, the app still have over a hundred million downloads on Google Play alone. The problem is that the app has been getting bloated with additional functions that frankly no one asked for, which has also been the reason for the app's barrage of negative reviews on the Play Store. To add to the problems, security researcher with Mr. Robot inspired pseudonym Elliot Alderson recently claimed the app makes your phone's files easily vulnerable to data theft.

In his tweet Eliot Alderson states "With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone". He also attached the video embedded below to demonstrate his point.

 

ES File Explorer starts an HTTP server on port 59777, which leaves makes your phone accessible to anyone on the same local network to exploit it, the researcher claimed. The attacker can then use that port to inject a JSON payload and list out the files you have and even download them.

This vulnerability is claimed to exist in v4.1.9.7.4 (which is the current version of the app on the Google Play Store at the time of writing), and lower. If you happen to use the app, then its best to connect only to highly trusted networks, or look for an alternative at least until there's an update that resolves this issue.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Samsung Galaxy S10 Spotted in Leaked Image, In-Display Fingerprint Sensor Reportedly Won’t Work With Screen Protector
Spotify Could Launch in India on January 31: Report
Read in: বাংলা
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.