Some like it and some do not. ES File Explorer is still one of the most popular file explorer on smartphone. A French security researcher has just discovered a critical flaw that allows a third party to access all your personal data.
Android is full of file browsers to ergonomically manage the data on your smartphone. Es File Explorer is far from being unknown to the battalion to be one of the oldest applications in this field,
and logically one of the most downloaded to date: more than 100 million downloads on the Google Play Store. If you use it, you have been exposed for a long time to a critical flaw.
How Es File Explorer Allows Third Parties To Access Your Personal Files
Baptiste Robert, a French computer security expert who is also called by his alias Elliot Alderson has published several tweets this week in which speaks of a flaw identified in the famous file manager.
The vulnerability allows anyone connected to the same network as its target to access the contents of its smartphone: photos, videos, personal documents, applications, etc.
A flaw that does not reinvigorate the image of Es File Explorer is often criticized for the heaviness of its advertising, but also built-in bloatwares.
Using a simple script, the researcher showed how he could not only access the files, but also retrieve them on another device connected to the same local network. It is also possible to launch a remote application on the smartphone of the victim.
The specialist explains that when the Es File Explorer Manager is launched once, it connects to an HTTP server on port 59777.
This leaves a gaping hole that allows a third-party user with enough technical knowledge to exploit the loophole. access the personal data of his target.
According to the Techcrunch site which was the first contacted by the researcher, the HTTP protocol is a means used by the explorer to broadcast video from other applications, but also to access the files of the smartphone from another device (computer , smartphone, tablet, etc.).
But as you have no doubt understood, certain conditions are necessary to make the attack possible.
Es File Esplorer must be installed on the target smartphone, and the target smartphone must be connected to the same wireless network as the attacker. Hence, once again, vigilance always advisable when connecting to a public Wi-Fi network.