Why is one of the most popular Android apps running a hidden web server in the background?
ES File Explorer claims it has more than 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.
But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks, including data theft.
Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device.
“All connected devices on the local network can get [data] installed on the device,” he said.
Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos and app names, and even grab a file from the memory card, from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.
He sent over his script for us to test, and we verified his findings using a spare Android phone. Robert said app versions 184.108.40.206.2 and below have the open port.
“It’s clearly not good,” he said.
We contacted the makers of ES File Explorer but did not hear back prior to publication. If that changes, we’ll update.
The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network. But that also means that any malicious app on any device on the network that knows how to exploit the vulnerability could pull data from a device running ES File Explorer and send it along to another server, so long as it has network permissions.
Of the reasonable explanations, some have suggested that it’s used to stream video to other apps using the HTTP protocol. Others who historically found the same exposed port found it alarming. The app even says it allows you to “manage files on your phone from your computer… when this feature is enabled.”
But most probably don’t realize that the open port leaves them exposed from the moment they open the app.
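A defender-side check for the kind of exposure described above, as an added example that is not from the article or from Robert's script: it parses a Linux `/proc/net/tcp` table, which Android also uses, and lists listening sockets bound to a non-loopback address and owned by an app UID. It assumes you can read that file on the device; the sample table, its UIDs and its ports are constructed, and only IPv4 is covered.

```python
import ipaddress
import struct

LISTEN = "0A"          # TCP_LISTEN state code in /proc/net/tcp
AID_APP_START = 10000  # Android assigns UIDs >= 10000 to installed apps

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:C350 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10142        0 41001 1
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 41002 1
   2: 6401A8C0:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10142        0 41003 1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41004 1
"""


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'. The kernel prints the IPv4 address in host
    byte order, which is little-endian on ARM and x86."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def exposed_listeners(proc_net_tcp):
    """Return (uid, address, port) for LISTEN sockets other hosts can reach."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != LISTEN:
            continue  # malformed row, or a socket that is not listening
        addr, port = decode_endpoint(cols[1])
        if addr.is_loopback:
            continue  # 127.0.0.0/8: only processes on the device can connect
        found.append((int(cols[7]), str(addr), port))
    return found


def app_listeners(proc_net_tcp):
    """Keep only listeners owned by installed apps rather than system UIDs."""
    return [e for e in exposed_listeners(proc_net_tcp) if e[0] >= AID_APP_START]


if __name__ == "__main__":
    for uid, addr, port in app_listeners(SAMPLE):
        print(f"app uid {uid} listens on {addr}:{port} (reachable from the LAN)")
```

A socket bound to `0.0.0.0` accepts connections on every interface, Wi-Fi included, which is what makes the attack from another device on the same network possible.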