ES File Explorer, one of the popular file managing apps, has been exposed with a hidden web server running in the background, leaving the door open for anyone to easily access data on the device just with a simple script.
A French security researcher, Baptiste Robert with the online handle Elliot Alderson, found the exposed port last week. He also disclosed his findings in a tweet, yesterday, stating that, “The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone.”
ES File Explorer hasn’t responded to the allegations yet. The app has more than 500 million downloads on the Google Play Store. Robert said that the app versions 4.1.9.5.2 and below have the open port.
According to TechCrunch, “Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos and app names — or even grab a file from the memory card — from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.”
The server running in the background can also use an HTTP protocol to stream videos to other apps. However, this opens up a portal for the hacker to hack every single information from the Android device.
This vulnerability can only affect those connected within the local network. Internet and WWW cannot be used to steal information via this exposed web-server. However, this is still a threat and an opportunity for the hacker present in the local network.
To know more about this news in detail, visit GitHub.
Here’s a short video demonstrating the vulnerability by Baptiste Robert.
Ethereum community postpones Constantinople, post vulnerability detection from ChainSecurity
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…