Famed cyber-security researcher who goes by the name Elliot Alderson (@fs0c131y), has detailed a massive security flaw in the popular Android app, ‘ES File Explorer’, which has more than 100 million (10 crore) users globally. According to him, the vulnerability could potentially allow hackers access to a phone just by using the same LAN or Wi-Fi network.
The researcher claimed that the app apparently has a hidden web server running in the background, which can easily be hacked to steal information. “If you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone”, he said.
After writing a simple script, he was successful in extracting images, phone numbers, videos, and other files from an Android phone on the same Wi-Fi network. You can watch the demo below: