
Why is one of the most popular Android apps running a hidden web server in the background?

ES File Explorer claims it has more than 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.

But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks - including data theft.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device.

“All connected devices on the local network can get installed on the device,” he said.

Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos and app names - or even grab a file from the memory card - from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.

He sent over his script for us to test, and we verified his findings using a spare Android phone.
