ARMOUR Posted January 16, 2019 Share Posted January 16, 2019 Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. It’s simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more. But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks — including data theft. Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device. “All connected devices on the local network can get [data] installed on the device,” he said. Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos, and app names — or even grab a file from the memory card — from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device. He sent over his script for us to test, and we verified his findings using a spare Android phone. Robert said app versions 4.1.9.5.2 and below have the open port. “It’s clearly not good,” he said. We contacted the makers of ES File Explorer but did not hear back prior to publication. If that changes, we’ll update. The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network. But that also means that any malicious app on any device on the network that knows how to exploit the vulnerability could pull data from a device running ES File Explorer and send it along to another server, so long as it has network permissions. Article Source: TechCrunch Elliot Alderson Link to comment Share on other sites More sharing options...
Jogs Posted January 16, 2019 Share Posted January 16, 2019 Yet another bad thing about ES. Luckily I got rid of it long long ago. Link to comment Share on other sites More sharing options...
tiliarou Posted January 16, 2019 Share Posted January 16, 2019 what are you using then now ? I'm used to ES pro which I got for free but would happily switch to better alternative Link to comment Share on other sites More sharing options...
Jogs Posted January 16, 2019 Share Posted January 16, 2019 I personally use Mixplorer & CX File explorer. Any thing new takes some time to adjust, but after using for some time it becomes easy. Link to comment Share on other sites More sharing options...
debebee Posted January 17, 2019 Share Posted January 17, 2019 Quote The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network. But that also means that any malicious app on any device on the network that knows how to exploit the vulnerability could pull data from a device running ES File Explorer and send it along to another server, so long as it has network permissions. Not worrying me if you have pretty secure network security Link to comment Share on other sites More sharing options...
rajeesh Posted January 17, 2019 Share Posted January 17, 2019 already uninstalled because of Chinese app. using filemanager by augustro. simple one.. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted January 17, 2019 Administrator Share Posted January 17, 2019 Saying from a long time. This app is not trustable anymore. On 1/16/2019 at 5:16 PM, tiliarou said: what are you using then now ? I'm used to ES pro which I got for free but would happily switch to better alternative See this topic. Most of them mentioned are fine to use on non-rooted phones too. My personal recommendation is mentioned here. 13 hours ago, teodz1984 said: Not worrying me if you have pretty secure network security Here is my bigger concern as mentioned in the article: Quote But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks — including data theft. As ambiguous as it might be, it's quite concerning thing. As I said, there are enough reasons to avoid the app - at least the newer versions that even you might agree. 22 minutes ago, rajeesh said: already uninstalled because of Chinese app. using filemanager by augustro. simple one.. While this is my preferred app, here is another one which is made by same countryman there , is free and open source too. Link to comment Share on other sites More sharing options...
mkc21 Posted January 17, 2019 Share Posted January 17, 2019 Ugh, I was annoyed by some people that said a couple of years ago to uninstall it (I had the pro version and paid for it) however I reluctantly uninstalled it. Looks like it was a good decision after all. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted January 17, 2019 Administrator Share Posted January 17, 2019 12 minutes ago, mkc21 said: Ugh, I was annoyed by some people that said a couple of years ago to uninstall it (I had the pro version and paid for it) however I reluctantly uninstalled it. Looks like it was a good decision after all. If that people included me, then I would say, wise men them. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.