Popular file manager for Android allows you to steal other people’s data

0

   Do you know, nearly 10% of apps you download from the Google playstore have access to leak, sell, or steal your personal data. This can be very dangerous if you use your credit card for payment online such as when playing online casino games, shopping, app purchases and many more.

   In a recent report, it was discovered that one of the most popular mobile file managers, known as “ES Explorer”, hides a dangerous vulnerability in its code. This vulnerability was discovered by Baptist Robert a French security researcher . According to him, by using this application, you can access data from other users without their consent.

   With ES File Explorer manager, you can access contents on your mobile device, it also allows you to manage your data on FTP, FTPS, SFTP and WebDAV servers, as well as in cloud storages. In addition, it can be used to copy and paste files between devices via Bluetooth. But an open port vulnerability was recently detected, in which by using a special script an hacker can gain access to images, video and data on the memory card of another device located on the same local Wi-Fi network. Moreover, an attacker can even remotely launch a malicious application on the victim’s Smartphone.

   As reported by techcrunch Baptist Robert sent a report to the developers of the application, but they have not yet given any reply. Some believe that there is nothing wrong with such a feature of the file manager, because an attacker needs to be in the same network as the victim. But with the number of installations over 500 million, finding a user with ES File Explorer on a Smartphone on any open Wi-Fi network should be easy.

   According to a report from lifehacker in 2018, Google removed 13 apps from the Play store, all of them disguised as car racing games. People reported the games keeps crashing, when they try to play and infecting their phones with malware. Google later removed the apps from the playstore, after half a million Android users have downloaded it.

How to know if your android phone is infected or hacked:

  • Data breaches and/or leaks.
  • Your smartphone or tablet will start slowing down in performance.
  • Installation of unknown new apps.
  • Noticeable battery drain.
  • Background sending/receiving strange text messages on your device.
  • Many of your previously installed apps will force stop or stop working entirely.   
  • You might be infected if you notice  strange “Advertisement and Pop-ups” appearing on your device.
  • Your browser will start re-directing to fraudulent sites.

How to protect your data:

  • Only download Apps/Apk from legitimate source(Playstore).
  • Do not click on email links from strangers or suspicious website.
  • Never give your unlocked phone to someone and not watched what they were doing with/to your phone.
  • You should always use a VPN (Virtual Proxy Network) service to secure your internet traffic.
  • Always install any OTA (over the air) updates available for your phone, your Android Security Patch Level will be up to date, this will protects you from the latest security exploits.
  • Uninstall unwanted apps that are installed in your App-management settings.
  • Always use Android cleaner like cc-cleaner to remove all unwanted junks stored on device.

   In conclusion, for a non-technical
phone user it’s almost impossible to know if your phone is infected and your
data has been leaked. It is your duty to protect your phone by following the
guidelines of this post.

Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.