Major security flaw found in popular ES File Explorer Android app

If you use the popular Android app ES File Explorer on any of your Android smartphones or tablets, be careful: a security researcher has found a vulnerability in the app which would allow a hacker to access sensitive information on your device (via TechCrunch).

ES File Explorer — which has over 100 million installs on the Google Play Store — is a very simple and effective file manager app for Android. The app is totally free with an option to upgrade to ES File Manager Pro, which removes advertisements and offers a selection of new features.

According to Baptiste Robert — a French security researcher who uses the alias “Elliot Alderson” in some online forums — the ES File Explorer app includes a tiny hidden web server. Although Robert is not totally certain why the web server is there (he posits it might have to do with streaming video to other apps using HTTP) he did conclude that any hacker on the same network as the device could use the open ports connected to the web server to gain access to the device.

Editor's Pick

Files by Google now supports USB OTG storage exploring

The latest update to Files by Google is rolling out now, and with it comes some new functionality. Files by Google version 1.0.224103129 now supports USB OTG storage. Although USB OTG storage support isn't something many people …

Once the hacker gains access through the open port, they could theoretically take almost any file from the Android device — including photos, videos, text files, etc. — and transfer it to any other server they also had access to. They could also remotely launch apps on the exploited device.

Obviously, this vulnerability only becomes a problem if you are on the same network as the hacker, which usually involves being connected to the same Wi-Fi network. In other words, the dangers of this vulnerability while you are at home are slim-to-none, but the dangers increase exponentially if you are on a public network such as those at coffee shops, airports, libraries, etc.

We attempted to contact ES App Group, the creators of ES File Explorer, to get a statement on this security issue. However, we did not hear back before press time. We will update this article if and when we receive a response.

In the meantime, will this stop you from using ES File Explorer? If so, here’s a list of alternatives, or sound off in the comments with your file explorer app of choice.

NEXT: 10 best Android file explorer apps, file browser apps, and file manager apps

from Android Authority http://bit.ly/2Dcnm0i