Researcher publishes a vulnerability on ES File Explorer app, let’s attacker read Android device data
Security researchers, Robert have published a vulnerability in the ES File Explorer app that allows an attacker to gather many Android device data. Robert said app versions 4.1.9.5.2 and below is vulnerable.
ES File Explorer (File Manager) is a full-featured file (Images, Music, Movies, Documents, app) manager for both local and networked use! With over 500 million users worldwide, ES File Explorer (File Manager) helps manage your android phone and files efficiently and effectively and share files without data cost.
The security researcher explained that,
“everytime a user is launching the app, a HTTP server is started. This server is opening locally the port 59777:
angler:/ # netstat -ap | grep com.estrongs
tcp6 0 0 :::59777 :::* LISTEN 5696/com.estrongs.android.pop“
So, the attacker can send a payload to the victim devices and “obtain a lot of juicy information (device info, app installed, …) about the victim’s phone.”
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone https://t.co/Uv2ttQpUcN— Baptiste Robert (@fs0c131y) January 16, 2019
Robert wrote a POC to demonstrated how he could gather pictures, videos, and app names, even grab a file from the memory card from another device on the same network.
With the following Proof Of Concept (POC), you can:
- List all the files in the sdcard in the victim device
- List all the pictures in the victim device
- List all the videos in the victim device
- List all the audio files in the victim device
- List all the apps installed in the victim device
- List all the system apps installed in the victim device
- List all the phone apps installed in the victim device
- List all the apk files stored in the sdcard of the victim device
- List all the apps installed in the victim device
- Get device info of the victim device
- Pull a file from the victim device
- Launch an app of your choice
- Get the icon of an app of your choice
If you are using ES File Explorer app, please make sure you are on the latest version (4.1.9.7.4).