ES File Explorer reported to contain data-theft and attack vulnerabilities - Phone discussion

By Olga
at 2019-01-20T21:52
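Android file manager with more than 100 million installs reported to contain data-theft and man-in-the-middle vulnerabilities
Robert points out that once a user launches ES File Explorer File Manager, it opens an HTTP server on local port 59777, and an attacker on the same network only has to send a JSON payload to access a large amount of information on the device. He has built a proof-of-concept attack program that can successfully list the files, photos, videos and apps on the device, and can also retrieve files from the device or launch apps on it.
A few hours after Robert published his findings, Lukas Stefanko, an Android malware researcher at ESET, said he had also found a man-in-the-middle (MITM) vulnerability in ES File Explorer File Manager: an attacker only needs to be on the same network as the device to intercept its HTTP traffic.
Video demonstrations of the attacks:
ES File Explorer Open Port Vulnerability
https://www.youtube.com/watch?v=z6hfgnPNBRE
Vulnerable Android app ES File Explorer man-in-the-middle attack:
https://www.youtube.com/watch?v=BtLUO-ujJ7I
Vulnerability description and files:
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
Original source:
https://techcrunch.com/…/android-app-es-file-explorer-expo…/
Cited source:
https://www.ithome.com.tw/news/128351
Source: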
www.facebook.com/netwargame/photos/a.178682542180604/1962458330469674/?type=3&__xts__%5B0%5D=68.ARA_7oBTjD9jH4vqFNR7cp-Qn8msEiaQvDqOXiAFBS0Ak5qIuqgXe7ideI0hA6IGqudWe9n5ZIVWO8XYkDsYm3_oQvqyfIU-jC6Q1xJvn-UhiZHCuq-DShyd2QVKP1-w5LOP0QORphwt8r3Nv_7oEQcgADvt_xCwq538pFSoZTBWLbOqDJB0LI8m-NYuW0IWrBjmryuCMY8-8rQcGRS4fDMf4bdIt1VX88Oyv6KVa7NClSBEDIn0mS8YSw-hpWoMHyTSqBQjIFTkarY_Hr09BdFSOQaWBeu9rpeby8tFgFvu04Tr11Lc1ybDHmaeCBkhCq0_oY1NdETyAHVqI8M9Cia8Jg&__tn__=-R
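Short link: http://bit.ly/2RZUFfg
Lately there seem to be frequent reports of APKs containing Chinese Communist Party backdoors or collecting data
APKs are starting to get scrutinized too
Being open source like this and letting the public inspect it
proves that the Android system can be used safely and with peace of mind
There are plenty of experts out there safeguarding everyone's security
Anyway, if your phone has no nude selfies or sensitive data, there's no need to worry about data being stolen
At worst, just delete your credit card information
Or just buy a Chinese-brand phone, for example Huawei, the king of camera phones
It's like signing a contract: you agree from the start to let them use your personal data
After that you don't have to worry about this and that, or be afraid of which app might be dangerous
Anyway, if you have nothing to hide, using it to play games, make calls, text chat and watch videos is great
Those who are afraid, hurry up and delete it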
--
Tags:
Phones
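The post describes an HTTP server on port 59777 that other hosts on the same network can reach. As an added example (not from the post or the linked repository), this Python code reads a device's own socket table and reports LISTEN sockets on that port bound to a non-loopback address. It assumes the text comes from `/proc/net/tcp` and `/proc/net/tcp6` on a little-endian device; the sample lines and the function names are constructed for illustration.

```python
import ipaddress

ES_PORT = 59777      # port named in the post
TCP_LISTEN = "0A"    # /proc/net/tcp state code for LISTEN

# Constructed sample: lines in /proc/net/tcp and /proc/net/tcp6 layout.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 1001
   1: 00000000:E981 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 1002
   2: 0100007F:E981 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10124        0 1003
   3: 1701A8C0:E981 2A01A8C0:C350 01 00000000:00000000 00:00000000 00000000 10123        0 1004
   0: 00000000000000000000000000000000:E981 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 1005
   1: 0000000000000000FFFF00000100007F:E981 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10125        0 1006
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: 4-byte words, each stored little-endian."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    ip = ipaddress.ip_address(b"".join(words))
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def exposed_listeners(table_text, port=ES_PORT):
    """Return (address, port, uid) for LISTEN sockets on `port` not bound to loopback."""
    hits = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or ":" not in fields[1]:
            continue  # header or malformed line
        hex_addr, hex_port = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(hex_port, 16) != port:
            continue  # wrong port, or an established connection rather than a listener
        ip = decode_addr(hex_addr)
        if not ip.is_loopback:
            hits.append((str(ip), port, int(fields[7])))
    return hits

if __name__ == "__main__":
    for addr, port, uid in exposed_listeners(SAMPLE):
        print(f"LISTEN on {addr}:{port} owned by uid {uid}")
```

The reported uid identifies the owning app on the device, so a hit can be tied back to the package that opened the port.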