For a very long time, ES File Explorer was the de facto file manager on Android. Over time, however, it proved to be less reliable. A recent vulnerability reminds us why there are better choices now.
As Android Police points out, there is a new vulnerability in ES that exposes your files to anyone on the same network. All you have to do is open the app once. The bug was found by researcher Elliot Alderson, who posted about it on Twitter.
With over 100,000,000 downloads, ES File Explorer is one of the most famous #Android file manager.
The surprise is that if you have opened the application at least once, anyone connected to the same local network can get a file remotely from your phone. https://t.co/Uv2ttQpUcN
– Elliot Alderson (@fs0c131y) January 16, 2019
Apparently, ES leaves port 59777 open on your phone after launch, allowing anyone on the same network to access the file structure and beyond. An attacker can use this open port to inject a JSON payload, then access all your information and download it.
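To confirm on your own device whether something is still listening on that port, you can inspect the kernel's socket tables. The following is an added example, not code from the original article or from ES: it parses text in the /proc/net/tcp and /proc/net/tcp6 format and reports LISTEN sockets on port 59777 that are not bound to loopback. The sample rows and function names are constructed for illustration.

```python
import ipaddress
import struct

ES_HTTP_PORT = 59777   # port named in the article
TCP_LISTEN = "0A"      # state code for LISTEN in /proc/net/tcp*

# Constructed sample rows in /proc/net/tcp and /proc/net/tcp6 format (on a
# real device, e.g. `adb shell cat /proc/net/tcp /proc/net/tcp6`).
SAMPLE_SOCKET_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:E981 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 45678
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 45679
   2: 6401A8C0:E981 6501A8C0:C350 01 00000000:00000000 00:00000000 00000000 10123        0 45680
   0: 00000000000000000000000000000000:E981 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 45681
"""

def decode_addr(hex_addr):
    """Addresses are stored as little-endian 32-bit words (1 for IPv4, 4 for IPv6)."""
    raw = b"".join(struct.pack("<I", int(hex_addr[i:i + 8], 16))
                   for i in range(0, len(hex_addr), 8))
    return ipaddress.ip_address(raw)

def exposed_listeners(table_text, port=ES_HTTP_PORT):
    """Return (address, port, uid) for LISTEN sockets on `port` reachable off-device."""
    findings = []
    for line in table_text.splitlines():
        fields = line.split()
        # Data rows start with an index such as "0:"; header rows do not.
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue
        hex_addr, hex_port = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(hex_port, 16) != port:
            continue
        addr = decode_addr(hex_addr)
        if not addr.is_loopback:   # 0.0.0.0 and :: mean "all interfaces"
            findings.append((str(addr), port, int(fields[7])))
    return findings

if __name__ == "__main__":
    for addr, port, uid in exposed_listeners(SAMPLE_SOCKET_TABLE):
        print(f"LISTEN on {addr}:{port} owned by uid {uid}")
```

The uid column identifies the app that owns the socket, since each installed Android app normally runs under its own uid.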
The good news is that the ES team knows about the problem and says it has been resolved, with an update on the way:
We fixed the vulnerability issue http and published. Until the Google market passes the test.
However, given ES's turbulent history, this is one more opportunity to remind everyone that there are better options out there. If you insist on using ES, I would at least suggest avoiding it until the update that fixes this bug is available in the Play Store.
via Android Police