Tomofun Furbo 360 and Furbo Mini UART Interface Insecure Storage of Sensitive Information Vulnerability

Vulnerability

A vulnerability exists in the UART interface of the Tomofun Furbo 360 and Furbo Mini models that results in insecure storage of sensitive information. An attacker with physical access to the device can retrieve the previous owner's Wi-Fi SSID and password. The issue arises because a factory reset does not clear certain files used for Wi-Fi authentication, so the credentials remain accessible. Exploitation of this vulnerability is complex and challenging, but a public exploit is available.

Impact

Exploitation of this vulnerability allows stored Wi-Fi credentials to be retrieved from a configuration file and then used to access the previous owner's network. The recovered information could also be used with geolocation services to track the previous owner's physical location, potentially allowing an attacker to visit their home.

Reproduction

To reproduce this vulnerability, connect the affected device to a computer via the UART interface. Once connected, access the device's file system and navigate to the wpa_supplicant.conf file, which contains the Wi-Fi SSID and password in clear text. This file can be read using standard file access commands available in the UART interface.
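
For an owner or reseller who wants to confirm that a reset actually removed the stored network, the check below parses a wpa_supplicant.conf dump and reports any remaining network blocks without echoing the secrets. It is an added example, not code from the advisory or from Tomofun; the sample config is constructed, and the function names are hypothetical.

```python
import re

# Standard wpa_supplicant.conf network-block keys that hold a secret.
SECRET_KEYS = {"psk", "sae_password", "password",
               "wep_key0", "wep_key1", "wep_key2", "wep_key3"}

# Constructed sample of a config left behind after a reset (not from a real device).
SAMPLE_LEFTOVER = """\
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
    ssid="ExampleHomeWiFi"
    psk="constructed-passphrase"
    key_mgmt=WPA-PSK
}
"""

def parse_networks(text):
    """Return one dict of key -> raw value per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if current is None:
            if re.fullmatch(r"network\s*=\s*\{", line):
                current = {}              # entering a network block
            continue                      # global settings are not credentials
        if line == "}":
            networks.append(current)
            current = None
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()
    return networks

def residual_networks(text):
    """Describe each leftover network; secret values are classified, never returned."""
    findings = []
    for net in parse_networks(text):
        secrets = {k: "cleartext passphrase" if net[k].startswith('"')
                   else "hex or derived key" for k in sorted(SECRET_KEYS & net.keys())}
        findings.append({"ssid": net.get("ssid", "").strip('"'), "secrets": secrets})
    return findings

def reset_is_clean(text):
    """A reset that cleared Wi-Fi state leaves no network block at all."""
    return not residual_networks(text)
```

A config that passes reset_is_clean() contains no saved network; any finding means the device still holds the previous network's details and should be wiped before it changes hands.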

Added: Oct 12, 2025, 8:19 PM
Updated: Oct 12, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.