ES File Explorer is one of the most popular file manager apps out there, commanding over 100 million downloads. However, a recent report from TechCrunch might make you think twice about keeping it on your device.
According to the report, the app runs a slimmed-down web server that opens up your entire device to attacks. The vulnerability was revealed by a French security researcher, Elliot Anderson.
He found that if an ES File Explorer user is connected to a local network, say a WiFi network or a LAN, their data can be extracted, without their permission, by anyone else connected to the same network.
To demonstrate the vulnerability, Elliot wrote a simple script and used it to remotely pull images, phone numbers, videos and apps from another Android phone. He was also able to pull out information stored on the memory card.
However, as TechCrunch noted, this vulnerability can only affect those who are connected to the same WiFi or local network, which makes the chances of exploitation very slim. On the flip side, this also means that the open access could be exploited by any malicious app that has the required network permissions.
While we wait for a response from ES File Explorer, what file manager app do you use on your smartphone?
Here is an official response from ES File Explorer (notice how they didn’t deny it?):
“We have fixed the http vulnerability issue and released it. Waiting for the Google market to pass the review.”
Hopefully we’ll see the updated version pretty soon.