Researcher shows how popular app ES File Explorer exposes Android device data

guest · Jan 16, 2019

Researcher shows how popular app ES File Explorer exposes Android device data
Why is one of the most popular Android apps running a hidden web server in the background?
January 16, 2019
https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/

ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. It’s simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device.

Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos, and app names — or even grab a file from the memory card — from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.
Click to expand...

The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network.
Click to expand...

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Brummelchen · Jan 16, 2019

ES apps are pain, free is too crippled and paid to expensive.
i can recommend Total Commander which is totally free of charge and it supports plugins where most are free too.

in general i can recommend a firewall or similar in adguard premium.

guest · Jul 8, 2019

Fake ES File Explorer Makes It to Play Store, Records More than 10K Downloads
And it bombards users with ads after the install
July 8, 2019
https://news.softpedia.com/news/fak...-records-more-than-10k-downloads-526651.shtml

Google removed ES File Explorer from the Play store earlier this year due to what was believed to be click fraud, and the parent company, DO Global, hasn’t relaunched it since then.
But because this was one of the most popular file managers on Android, it was only a matter of time until someone used its name for other malicious purposes.

Lukas Stefanko, malware researcher at security company ESET, discovered the fake ES File Explorer and reported it on Twitter, explaining that once installed, this app bombards users with ads.

“App has no functionality and within 2 minutes displayed 9 fullscreen ads while "setting up" the app. To look trustworthy, it requests registration,” Stefanko notes.
Over 10,000 downloads
The more worrying is that this fake app has already recorded more than 10,000 downloads from the Google Play Store, most likely from users who believed they were installing the original file manager.
Click to expand...

DO Global didn’t say anything about a potential comeback of its app, and the company only said that it accepted Google decision of removing ES File Manager from the Play Store.

“We fully understand the seriousness of the allegations. As such, we immediately conducted an internal investigation on this matter. We regret to find irregularities in some of our products’ use of AdMob advertisements. Given this, we fully understand and accept Google's decision. Moreover, we have actively cooperated with them by doing a thorough examination of every app involved,” it said in the statement.
Click to expand...

guest · Sep 17, 2019

ES-File Explorer Vulnerability Let Attacker Access All Your Personal Files In Your Phone Remotely within 2 Min
September 17, 2019
https://gbhackers.com/es-file-explorer/

A high severity authentication bypass vulnerability that resides in ES-File Explorer due to insecure FTP activity let remote attackers gain access to all your files saved in your Android phone.

Master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed using this authentication bypass vulnerability, and the attacker starts the FTP and accesses the complete file system remotely even if the user set the master password.

Bhavesh Thakur, Security researcher exclusively report to GBHackers on Security says ” To obtain FTP service attacker need to invoke that malicious activity which was responsible to start FTP server on the phone. If things goes well within 2 minutes FTP service starts and an attacker can get complete access to the storage of the victim.”
“Please never trust application which provides multiple services. ES file explorer could cause it’s end-user a complete information disclosure of private data”, Bhavesh Thakur told GBHackers on Security.
Click to expand...

Bhavesh reported this vulnerability to the ES team and the bug was fixed in v4.2.0.1.4 and the CVE-2019–11380 has assigned.
Click to expand...

Log in or Sign up

Researcher shows how popular app ES File Explorer exposes Android device data

guest Guest

Brummelchen Registered Member

guest Guest

guest Guest

Log in or Sign up

Researcher shows how popular app ES File Explorer exposes Android device data

guest Guest

Brummelchen Registered Member

guest Guest

guest Guest

Useful Searches