• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Supermouth Ultim8 electric toothbrush review: Gentle giant

August 20, 2025

Samsung Galaxy Watch 8 Review: A solid albeit unexciting smartwatch

August 19, 2025

Huawei MatePad 11.5 review: iPad rival that’s missing a trick

August 17, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Security»Chaining Yunmai Smart Scale App Vulnerabilities Could Expose User Data
Security

Chaining Yunmai Smart Scale App Vulnerabilities Could Expose User Data

June 29, 2022Updated:June 29, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Quite a few bugs riddled the safety of the Chinese language-made Yunmai Sensible Scale units. The vulnerabilities particularly have an effect on the Yunmai Sensible Scale app, exploiting which might permit an adversary to entry customers’ private knowledge. Whereas the distributors fastened one of many bugs, it nonetheless remained potential to bypass the patch.

Yunmai Sensible Scale App Vulnerabilities

The London-based cybersecurity agency Fortbridge has shared an in depth post elaborating on the 5 completely different vulnerabilities within the Yumnai Sensible Scale app.

As defined, exploiting the bugs might permit varied malicious actions. Notably, an adversary might even chain the exploits to takeover goal accounts.

The bugs affected the Sensible Scale’s cellular app for Android and iOS units. The app permits customers to realize extra details about their well being standing, like BMI, weight progress graphs, visceral fats share, and related parameters.

These particulars point out that the app shops way more details about the customers than they’ll think about. Therefore, any vulnerabilities exposing such specific private knowledge threat a sufferer adversely, disclosing greater than names, start dates, and gender.

Concerning the bugs found

In keeping with the researcher Bogdan Tiron, the vulnerabilities within the app embrace,

  • Relations restrict bypass: the app permits a person so as to add as much as 16 members of the family, creating separate “little one accounts” to the “mother or father” account. Nonetheless, an adversary might exploit the flaw so as to add extra little one accounts.
  • UserID enumeration: brute-forcing the final 5 digits by extracting a single userID might reveal details about the opposite little one account customers. The uncovered knowledge would come with the userIDs, names, gender, dates of start, profile footage, and puIds (userID of main or “mother or father” accounts).
  • Ineffective authorization checks: as a result of lack of correct authorization checks, an adversary might delete an account by including the goal userID to the ‘delUserId’ parameter. Likewise, including a person account could be potential by abusing the sufferer’s puId worth.
  • Info leak: since including a member of the family account leaks ‘accessToken’, and the ‘refreshToken’ of the brand new account from the server, an adversary might exploit it to realize elevated privileges and take over the goal main account.
  • Account takeover by means of ‘forgot password’ performance: An adversary might request a number of tokens to guess the code because of poor to none “forgot password” token validation.
See also  From the back office to the till: Cybersecurity challenges facing global retailers

Tiron additional defined that chaining the final three vulnerabilities might permit unrestricted entry of an adversary to the goal account. He has shared the technical particulars in regards to the flaws within the publish.

Incomplete Patches And Bypass

Following this discovery, the researcher contacted the app builders to report the bugs. Whereas the distributors seemingly fastened the “forgot password” vulnerability, the researcher might nonetheless bypass the repair. Whereas the opposite 4 vulnerabilities nonetheless demand their consideration.

Regardless of a number of makes an attempt to achieve out to the developer staff and the failure of the distributors to deploy well timed fixes, Tiron stepped forward with the general public disclosure.

Source link

app Chaining data Expose Scale Smart User vulnerabilities Yunmai
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Apple’s Free Sports App Gains FA Community Shield Coverage, Expands to Mexico

July 23, 2025

Siri’s Cousin? Apple May Add AI Chatbot to Support App

July 10, 2025

TikTok Plans Special US App as It Looks to Stay In the Game

July 8, 2025

Trump Officials Slam ICEBlock as It Tops iPhone App Charts

July 4, 2025
Add A Comment

Comments are closed.

Editors Picks

Toastmasters adopts AI-powered speech analytics technology from Seattle startup Yoodli – Startup

December 9, 2022

Apple Gets Shut Out at the Oscars

March 12, 2024

Xiaomi Redmi Pad SE 8.7 review: Mini tablet with a mini price

December 29, 2024

Patton Oswalt catfishes his son in I Love My Dad’s trailer

July 13, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Supermouth Ultim8 electric toothbrush review: Gentle giant

Samsung Galaxy Watch 8 Review: A solid albeit unexciting smartwatch

Huawei MatePad 11.5 review: iPad rival that’s missing a trick

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.