YoSmart YoLink Smart Hub Unencrypted Data Exposure Vulnerability

A vulnerability exists in the YoSmart YoLink Smart Hub firmware version 0382, where unencrypted data can be extracted and used to determine network access credentials. This flaw exposes Wi-Fi credentials and device IDs in cleartext, creating a risk for unauthorized access and control over connected YoLink devices.

Impact

Exploitation of this vulnerability allows for unauthorized access to YoLink network credentials and the ability to control connected IoT devices, such as smart locks and garage door openers, potentially leading to unauthorized physical access to homes.

Reproduction

The vulnerability can be reproduced by establishing a serial connection to the YoLink Smart Hub's ESP32-WROOM-32 microcontroller via the UART pins. Once connected, the device's application logs can be intercepted, revealing unencrypted MQTT credentials and Wi-Fi information. This exploitation can be automated by iterating through possible device IDs to collect credentials for controlling other users' devices.

Remediation

Users are advised to treat the YoLink Smart Hub as untrusted, disconnect it from critical networks, and avoid using it for access control. Consider switching to vendors that provide regular security updates and independent security testing.