ES File Explorer Vulnerability Allows Access to Phone's Files From Local Network: Report
By Gagan Gupta | Updated: 17 January 2019 11:41 IST
ES File Explorer has over a hundred million downloads on Google Play
Advertisement
ES File Explorer has been one of the most popular ways to navigate and manage your phone's storage. Though there are in build file managers in most modern Android devices, the app still have over a hundred million downloads on Google Play alone. The problem is that the app has been getting bloated with additional functions that frankly no one asked for, which has also been the reason for the app's barrage of negative reviews on the Play Store. To add to the problems, security researcher with Mr. Robot inspired pseudonym Elliot Alderson recently claimed the app makes your phone's files easily vulnerable to data theft.
In his tweet Eliot Alderson states "With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone". He also attached the video embedded below to demonstrate his point.
ES File Explorer starts an HTTP server on port 59777, which leaves makes your phone accessible to anyone on the same local network to exploit it, the researcher claimed. The attacker can then use that port to inject a JSON payload and list out the files you have and even download them.
This vulnerability is claimed to exist in v4.1.9.7.4 (which is the current version of the app on the Google Play Store at the time of writing), and lower. If you happen to use the app, then its best to connect only to highly trusted networks, or look for an alternative at least until there's an update that resolves this issue.
Comments
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Related Stories
Advertisement
Follow Us
-
01:45
Gadgets 360 With Technical Guruji: Did You Know About Aerospace Grade Titanium on Phones? -
00:47
Gadgets 360 With Technical Guruji: How to Download Your UPI Statement -
04:03
Gadgets 360 With Technical Guruji: Ask TG [November 16, 2024] -
03:07
Gadgets 360 With Technical Guruji: News of the Week [November 16, 2024] -
02:46
Gadgets 360 With Technical Guruji: iPad Mini (2024) Review
Popular on Gadgets
- Amazon Great Indian Festival 2024
- Big Billion Days 2024
- Apple Vision Pro
- Oneplus 12
- iPhone 14
- Apple iPhone 15
- OnePlus Nord CE 3 Lite 5G
- iPhone 13
- Xiaomi 14 Pro
- Oppo Find N3
- Tecno Spark Go (2023)
- Realme V30
- Best Phones Under 25000
- Samsung Galaxy S24 Series
- Cryptocurrency
- iQoo 12
- Samsung Galaxy S24 Ultra
- Giottus
- Samsung Galaxy Z Flip 5
- Apple 'Scary Fast'
- Housefull 5
- GoPro Hero 12 Black Review
- Invincible Season 2
- JioGlass
- HD Ready TV
- Laptop Under 50000
- Smartwatch Under 10000
- Latest Mobile Phones
- Compare Phones
Latest Gadgets
- Vivo Y18t
- Honor X9c
- Honor Magic 7 Pro
- Honor Magic 7
- Sharp Aquos R9 Pro
- Xiaomi 15
- Xiaomi 15 Pro
- Redmi A3 Pro
- Asus Zenbook S 14
- MacBook Pro 16-inch (M4 Max, 2024)
- Huawei MatePad 11.5
- Acer Iconia Tab 10.36 (iM10-22)
- Redmi Band 3
- Xiaomi Smart Band 9 Pro
- Sony 65 Inches Ultra HD (4K) LED Smart TV (KD-65X74L)
- TCL 55 Inches Ultra HD (4K) LED Smart TV (55C61B)
- Sony PlayStation 5 Pro
- Sony PlayStation 5 Slim Digital Edition
- Lloyd 2 Ton 3 Star Inverter Split AC (GLS24I36WGVR)
- Acer 1.5 Ton 5 Star Inverter Split AC (AR15AS5INGMA)
- About Us
- Sitemaps
- Feedback
- Archives
- Contact Us
- RSS
- Advertise
- Career
- Privacy Policy
- Ethics
- Editorial Policy
- Terms & Conditions
- Complaint Redressal
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
