YoSmart YoLink Ecosystem Unencrypted MQTT Communication Vulnerability

A vulnerability exists in the YoSmart YoLink ecosystem, including the YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker, due to the use of unencrypted MQTT for internet communication. This flaw allows attackers to monitor network traffic and intercept sensitive information, such as Wi-Fi credentials and device IDs, or manipulate the traffic to control connected devices. The issue arises from the hub's MQTT traffic being transmitted in cleartext, without the security of encryption, leaving it exposed to interception and exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized access and control over YoLink devices connected to the compromised hub. This includes potential physical access to homes by manipulating smart locks or garage doors, as well as the ability to disrupt or interfere with other connected devices.

Reproduction

The vulnerability can be reproduced by intercepting the unencrypted MQTT traffic between the YoLink Hub and the YoLink MQTT Broker. This can be done by monitoring the network with a packet capture tool, such as Wireshark, while the YoLink application is used to control connected devices. The intercepted MQTT messages will reveal sensitive information and commands being sent to and from the devices.

Remediation

Users are advised to treat the YoLink Hub as an untrusted device. It is recommended to disconnect or segment the hub from critical networks, avoid using it for access control, and consider switching to vendors that provide regular security updates and independent security testing.