Android file manager ES File Explorer leaked phone data

Spread the love

Android file manager ES File Explorer was found to be running a web server in the background, exposing the user to attacks from lan. A researcher showed that he could read files and open apps remotely.

In a series tweets let security researcher Baptiste Robert know how the vulnerability works. Every time the app starts, the app sets up an http server. It listens on port 59777 and does not authenticate. TechCrunch’s editors also verified the vulnerability. According to the researcher, the open port is in version 4.1.9.5.2 and below. That was the latest version of the app until around January 11th.

According to the makers of the app, more than 500 million users worldwide have the app on their phones. The Google Play Store reports 100 million or more installs. ES App Group did not respond to requests for comment from TechCrunch. Robert suspects that the vulnerability, which now also has a resume number, is purposely used as a back door in the app.

Commenting on Robert’s tweets, Lukas Stefanko, malware researcher at ESET, reports that he also mitm attacks can commit to the application, although it doesn’t provide a lot of background information about it.

Update, 19/01: Robert tweet that a fix for the leak is in the pipeline.

You might also like