Wednesday, June 15, 2022

Chaining Yunmai Smart Scale App Vulnerabilities May Expose User Data


Numerous bugs riddled the security of the Chinese-made Yunmai Smart Scale devices. The vulnerabilities specifically affect the Yunmai Smart Scale app, and exploiting them could allow an adversary to access users' personal data. While the vendors fixed one of the bugs, it still remained possible to bypass the patch.

Yunmai Smart Scale App Vulnerabilities

The London-based cybersecurity firm Fortbridge has shared a detailed post elaborating on the five different vulnerabilities in the Yunmai Smart Scale app.

As explained, exploiting the bugs could allow various malicious actions. Notably, an adversary could even chain the exploits to take over target accounts.

The bugs affected the Smart Scale's mobile app for Android and iOS devices. The app lets users learn more about their health status, such as BMI, weight progress graphs, visceral fat percentage, and similar parameters.

These details indicate that the app stores far more information about its users than they might imagine. Hence, any vulnerability exposing such explicit personal data puts victims at risk, disclosing more than names, birth dates, and gender.

About the bugs discovered

According to the researcher Bogdan Tiron, the vulnerabilities in the app include:

  • Family members limit bypass: the app allows a user to add up to 16 family members, creating separate “child accounts” under the “parent” account. However, an adversary could exploit the flaw to add more child accounts.
  • UserID enumeration: brute-forcing the last five digits by extracting a single userID could reveal information about the other child account users. The exposed data would include the userIDs, names, gender, dates of birth, profile pictures, and puIds (userID of primary or “parent” accounts).
  • Ineffective authorization checks: due to the lack of proper authorization checks, an adversary could delete an account by adding the target userID to the ‘delUserId’ parameter. Likewise, adding a user account would be possible by abusing the victim’s puId value.
  • Information leak: since adding a family member account leaks the ‘accessToken’ and the ‘refreshToken’ of the new account from the server, an adversary could exploit it to gain elevated privileges and take over the target primary account.
  • Account takeover via ‘forgot password’ functionality: an adversary could request multiple tokens to guess the code due to poor to nonexistent “forgot password” token validation.

Tiron further explained that chaining the last three vulnerabilities could give an adversary unrestricted access to the target account. He has shared the technical details about the flaws in the post.
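The server-side checks whose absence the list above describes, sketched as an added example (not code from the article, from Fortbridge, or from the vendor). The class and method names are hypothetical; only the 16-member limit and the `delUserId`, `puId`, `accessToken` and `refreshToken` names come from the article.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_FAMILY_MEMBERS = 16  # limit stated in the article

class Forbidden(Exception):
    """Caller may not act on the requested account."""

@dataclass
class Account:
    user_id: int
    name: str
    pu_id: Optional[int] = None  # parent's userID; None for a primary account

@dataclass
class FamilyService:  # hypothetical in-memory stand-in for the backend
    accounts: Dict[int, Account] = field(default_factory=dict)

    def _create(self, name, pu_id=None):
        # Random IDs only slow enumeration; the checks below are the control.
        acct = Account(secrets.randbits(63), name, pu_id)
        self.accounts[acct.user_id] = acct
        return acct

    def register_primary(self, name):
        return self._create(name).user_id

    def add_member(self, session_user_id, name, requested_pu_id=None):
        caller = self.accounts[session_user_id]
        if caller.pu_id is not None:
            raise Forbidden("only a primary account can add members")
        # The parent is the authenticated caller, never a client-supplied puId.
        if requested_pu_id not in (None, session_user_id):
            raise Forbidden("puId does not match the session")
        members = [a for a in self.accounts.values() if a.pu_id == session_user_id]
        if len(members) >= MAX_FAMILY_MEMBERS:  # enforced server-side
            raise Forbidden("family member limit reached")
        child = self._create(name, pu_id=session_user_id)
        # Profile fields only: no accessToken or refreshToken in the response.
        return {"userId": child.user_id, "name": child.name}

    def delete_member(self, session_user_id, del_user_id):
        target = self.accounts.get(del_user_id)
        # Same error for unknown and foreign IDs, so replies do not confirm IDs.
        if target is None or target.pu_id != session_user_id:
            raise Forbidden("not a member of your family")
        del self.accounts[del_user_id]
```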

Incomplete Patches And Bypass

Following this discovery, the researcher contacted the app developers to report the bugs. While the vendors seemingly fixed the “forgot password” vulnerability, the researcher could still bypass the fix. The other four vulnerabilities still demand their attention.

After several attempts to reach out to the developer team, and with the vendors failing to deploy timely fixes, Tiron went ahead with the public disclosure.
