When the most downloaded file explorer gives access to your photos and files

Very popular, the File Explorer ES File Explorer on Android is the victim of a security breach. This allows an attacker to recover any file stored on your smartphone.

Especially popular and downloaded more than 100 million times on the Google Play Store, the file explorer ES File Explorer has experienced a major security breach as noted by security expert Baptiste Robert, known under the pseudonym d Elliot Alderson.
In a Twitter feed published on Wednesday, the developer, whose portrait we had painted a little over a year ago, explained that an ES File Explorer vulnerability allowed anyone connected to the same network Wi-Fi recover files stored on a smartphone with File Explorer installed.
A flaw being resolved
"Technically, every time a user starts the application, an HTTP server is opened. This server opens port 59777 locally. On this port, a malicious person can send a JSON packet to the target, "says Elliot Alderson. This JSON package, which can encapsulate various instructions, can be used to exfiltrate files stored on the victim's smartphone, be they photographs, a list of installed applications, videos or your notebook. addresses.

The developers of the application finally explained to the Android Police site that they had corrected the flaw: "We repaired the http vulnerability and released the fix. We are now waiting for Google to validate the new version. " At the time of publication of this article, the new version is not yet available on the Google Play Store.
Read on FrAndroid: "People should not trust the phone manufacturers", portrait of a whistleblower


Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *