
For the longest time, ES File Explorer was the de facto file manager on Android. As time has gone on, however, it’s proven to be less trustworthy. A recent vulnerability reminds us why there are better choices now.

As reported by Android Police, there’s a new vulnerability in ES that exposes your files to anyone on the same network—you only need to open the app once. This bug was found by researcher Elliot Alderson, who posted about it on Twitter.

Apparently, ES leaves port 59777 open on your phone after it’s launched, giving anyone on the same network access to the file structure and beyond. An attacker can use that open port to inject a JSON payload, then get access to—and download—all of your info.

The upside is that the ES team knows about the issue and says it’s been fixed, with an update incoming:

We have fixed the http vulnerability issue and released it. Waiting for the Google market to pass the review.

Still, given ES’ rocky history, this is just another opportunity to remind everyone there are better options out there. If you insist on using ES, I would at least suggest steering clear of it until the update that fixes this bug is available in the Play Store.

via Android Police

