ES File Explorer has been one of the most proficiently-liked ways to navigate and run your phone’s storage. Though there are in manufacture file managers in most advanced Android devices, the app still has behind more a hundred million downloads from Google Play. The burden is that the app has been getting bloated forward additional functions that frankly no one asked for, which has along with been the excuse for the app’s barrage of negative reviews on the Play Store. the problems, security researcher Mr Robot inspired pseudonym Elliot Alderson recently claimed the app makes your phone’s files easily vulnerable to data theft.
The app needs to be run just taking into account for this vulnerability to the accomplishment
In his tweet, Eliot Alderson states “With on top of 100,000,000 downloads ES File Explorer is one of the most expertly-known Android file managers. The incredulity is: if you opened the app at least behind, anyone can connect to the same local network can remotely profit a file from your phone”. He also attached the video embedded asleep to disquiet his point.
All the vulnerable phone’s files can be listed and downloaded
ES File Explorer starts an HTTP server on the port 59777, which leaves makes your phone accessible to anyone upon the associated local network to mistreatment it, the intellectual claimed. The hacker can then use that port to inject a JSON payload and list out the files you have and even download them.
This affects ES File Explorer v220.127.116.11.4 and belittle
This vulnerability is claimed to exist in v18.104.22.168.4 and lower. If you are to use this app, as well as its best to secure by yourself to deeply trusted networks or see for an interchange at least until there’s an update that resolves this matter.