Connect with us

Internet

ES File Explorer Vulnerability Allows Access to Phone’s Files From Local Network: Report

Published

on

ES File Explorer has been one of the most popular ways to navigate and manage your phone’s storage. Though there are in build file managers in most modern Android devices, the app still have over a hundred million downloads on Google Play alone. The problem is that the app has been getting bloated with additional functions that frankly no one asked for, which has also been the reason for the app’s barrage of negative reviews on the Play Store. To add to the problems, security researcher with Mr. Robot inspired pseudonym Elliot Alderson recently claimed the app makes your phone’s files easily vulnerable to data theft.

In his tweet Eliot Alderson states “With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone”. He also attached the video embedded below to demonstrate his point.

 

ES File Explorer starts an HTTP server on port 59777, which leaves makes your phone accessible to anyone on the same local network to exploit it, the researcher claimed. The attacker can then use that port to inject a JSON payload and list out the files you have and even download them.

This vulnerability is claimed to exist in v4.1.9.7.4 (which is the current version of the app on the Google Play Store at the time of writing), and lower. If you happen to use the app, then its best to connect only to highly trusted networks, or look for an alternative at least until there’s an update that resolves this issue.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

How To Delete Your Cash App Account

Published

on

Even though many mobile app users are highly satisfied with their experience on Cash App, you may have several reasons to consider canceling.

Continue Reading

Internet

Apple Mac Mini Review (2023, M2 Pro): One Key Option Makes It An Easy Decision

Published

on

The Mac mini (2023) brings Apple’s M2 chipset and a set of options that might have you wondering how you’ll tell the difference between sleek metal boxes.

Continue Reading

Internet

What Really Makes Jeeps Incredible Climbers

Published

on

When it comes to off-roading, Jeep is the one name brand that keeps coming up. From its inception, the Jeep has been a great climber. We’ll tell you why.

Continue Reading

Trending