ES File Explorer Has A Hidden Web Server; Data Of 500 Million Users At Risk


When it comes to file explorer apps for Android, ES File Explorer is undoubtedly one of the most popular apps. I, myself, use the app for managing files and folders on my smartphone. However, it came as shock for me that ES File Explorer has a hidden web server running in the background and my data could be accessed by anyone with a simple script.

Baptiste Robert, a French security researcher, who is famous for exposing vulnerabilities in websites and apps, has exposed the file explorer app in a series of tweets.

He demonstrated the exfiltration of data by writing a simple script. He managed to export pictures, names of apps installed on your Android device, videos and even the files installed on the mounted memory card. By using the script, a bad actor could also launch an app in the victim’s smartphone remotely.

However, for extracting your data, the attacker must be on the same network as your device which means that it is not a vulnerability that could be exploited by anyone on the internet. But, the open port could be exploited by any malicious app that has the required network permissions.

ES File Explorer hasn’t responded to the allegations yet. Interestingly, the app has more than 500 million downloads on the Google Play Store.

With more and more Android apps donning the robe of data thieves, it is Play Store’s responsibility to ensure that users’ data remains safe, especially from the apps that could access files stored on your device.

Also Read: Call Of Duty: Black Ops 4 Battle Royale Goes Free For One Week
Anmol Sachdeva

Anmol Sachdeva

Anmol is a tech journalist who handles reportage of cybersecurity and Apple and OnePlus devices at Fossbytes. He's an ambivert who is striving hard to appease existential crisis by eating, writing, and scrolling through memes.
More From Fossbytes

Latest On Fossbytes

Find your dream job