Connect with us

Internet

ES File Explorer Vulnerability Allows Access to Phone’s Files From Local Network: Report

Published

on

ES File Explorer has been one of the most popular ways to navigate and manage your phone’s storage. Though there are in build file managers in most modern Android devices, the app still have over a hundred million downloads on Google Play alone. The problem is that the app has been getting bloated with additional functions that frankly no one asked for, which has also been the reason for the app’s barrage of negative reviews on the Play Store. To add to the problems, security researcher with Mr. Robot inspired pseudonym Elliot Alderson recently claimed the app makes your phone’s files easily vulnerable to data theft.

In his tweet Eliot Alderson states “With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone”. He also attached the video embedded below to demonstrate his point.

 

ES File Explorer starts an HTTP server on port 59777, which leaves makes your phone accessible to anyone on the same local network to exploit it, the researcher claimed. The attacker can then use that port to inject a JSON payload and list out the files you have and even download them.

This vulnerability is claimed to exist in v4.1.9.7.4 (which is the current version of the app on the Google Play Store at the time of writing), and lower. If you happen to use the app, then its best to connect only to highly trusted networks, or look for an alternative at least until there’s an update that resolves this issue.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

New Samsung Galaxy Z Fold 3 renderings leak showing off all angles

Published

on

One of the most anticipated smartphones from Samsung that fans are looking forward to is the Galaxy Z Fold 3. The foldable flagship smartphone is set to launch on August 11, and ahead of that launch, we have some details that have surfaced via various leaks. Now some additional renderings of the smartphone have leaked, showing almost all angles of … Continue reading

Continue Reading

Internet

Volocopter 2X completed its first US public crewed test flight

Published

on

Each year the Experimental Aircraft Association (EAA) holds a massive air show in Wisconsin called AirVenture. At AirVenture 2021, the Volocopter 2X eVTOL aircraft had a very successful and important milestone flight. At the show, the aircraft had its first-ever public crewed test flight of the fully electric vertical take-off and landing air taxi in the US. Volocopter says the … Continue reading

Continue Reading

Internet

AirTag battery safety puts Apple in a quandary

Published

on

Apple’s privacy-respecting item tracker is like a ping-pong of good news, bad news revelations. Apple has made its AirTags so easy to use that there have been concerns about the security of the Find My network. The small discs are small enough to place anywhere but require a separate accessor to hook into objects unless you take the ill-advised route … Continue reading

Continue Reading

Trending