ES File Explorer, File management app for Android, exposes user’s data

More than 300 million users have downloaded this app, so the incident is very serious

ES File Explorer is one of the most popular Android
operating system file management applications. It has useful functions like
folder sharing, besides it is available for tablets and smartphones, although
not everything is good news. Network security and ethical hacking analysts from
the International Institute of Cyber Security report that this application runs
a hidden server that could leave a device exposed to cyberattacks or data

Nearly 300 million of Android users have
downloaded ES File Explorer, which makes it one of the most popular apps in
Play Store. Because of this, the vulnerability could affect an incredibly high
number of people.

According to an investigation by experts in network security, the ES File Explorer is running a hidden server, which could grant
access to any other user connected to the same network at the moment the
application starts and connects.  Thus,
another user connected to the same network would have access to the files
stored in our devices without us noticing the intrusion.

Baptiste Robert, who is in charge of the
investigation, claims that this vulnerability exposes any kind of files. “The
attacker could access images, videos, applications and even access the memory
card”, mentions the network security expert.

Experts highlight that the chances of
successfully executing this attack are minimal, as its execution depends on the
attacker and the victim being connected to the same network (to the same WiFi
connection, basically), in addition to medium skill hacking knowledge. However,
researchers do not dismiss any malicious user from developing an application
capable of exploiting this vulnerability.

However, it must be taken seriously the fact
that ES File Explorer, the most popular file manager of Android, contains a
vulnerability that allows the access and theft of the data and files stored in
a smartphone. Although, as mentioned, it is a very complex attack that requires
the conjunction of multiple variables and ability on the attackers’ side.

Prior to publishing their research, the experts
notified the application developers of the vulnerability, but they have not
received any response.

Android is the most used operating system in
smart devices, which makes it one of the most attacked targets by malicious
users. As a precaution, experts in cybersecurity recommend users to only
install applications that are in the official store, as well as the option to
resort to specific security tools for Android devices, such as antivirus or
password management software.

androidfile managementvulnerability