• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Oppo Find N5 review: Stellar foldable has one big problem

July 30, 2025

The Naked Gun review: Charged with man’s laughter

July 30, 2025

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

July 30, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Security»Chaining Yunmai Smart Scale App Vulnerabilities Could Expose User Data
Security

Chaining Yunmai Smart Scale App Vulnerabilities Could Expose User Data

June 29, 2022Updated:June 29, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Quite a few bugs riddled the safety of the Chinese language-made Yunmai Sensible Scale units. The vulnerabilities particularly have an effect on the Yunmai Sensible Scale app, exploiting which might permit an adversary to entry customers’ private knowledge. Whereas the distributors fastened one of many bugs, it nonetheless remained potential to bypass the patch.

Yunmai Sensible Scale App Vulnerabilities

The London-based cybersecurity agency Fortbridge has shared an in depth post elaborating on the 5 completely different vulnerabilities within the Yumnai Sensible Scale app.

As defined, exploiting the bugs might permit varied malicious actions. Notably, an adversary might even chain the exploits to takeover goal accounts.

The bugs affected the Sensible Scale’s cellular app for Android and iOS units. The app permits customers to realize extra details about their well being standing, like BMI, weight progress graphs, visceral fats share, and related parameters.

These particulars point out that the app shops way more details about the customers than they’ll think about. Therefore, any vulnerabilities exposing such specific private knowledge threat a sufferer adversely, disclosing greater than names, start dates, and gender.

Concerning the bugs found

In keeping with the researcher Bogdan Tiron, the vulnerabilities within the app embrace,

  • Relations restrict bypass: the app permits a person so as to add as much as 16 members of the family, creating separate “little one accounts” to the “mother or father” account. Nonetheless, an adversary might exploit the flaw so as to add extra little one accounts.
  • UserID enumeration: brute-forcing the final 5 digits by extracting a single userID might reveal details about the opposite little one account customers. The uncovered knowledge would come with the userIDs, names, gender, dates of start, profile footage, and puIds (userID of main or “mother or father” accounts).
  • Ineffective authorization checks: as a result of lack of correct authorization checks, an adversary might delete an account by including the goal userID to the ‘delUserId’ parameter. Likewise, including a person account could be potential by abusing the sufferer’s puId worth.
  • Info leak: since including a member of the family account leaks ‘accessToken’, and the ‘refreshToken’ of the brand new account from the server, an adversary might exploit it to realize elevated privileges and take over the goal main account.
  • Account takeover by means of ‘forgot password’ performance: An adversary might request a number of tokens to guess the code because of poor to none “forgot password” token validation.
See also  X1 raises $25m for smart credit card

Tiron additional defined that chaining the final three vulnerabilities might permit unrestricted entry of an adversary to the goal account. He has shared the technical particulars in regards to the flaws within the publish.

Incomplete Patches And Bypass

Following this discovery, the researcher contacted the app builders to report the bugs. Whereas the distributors seemingly fastened the “forgot password” vulnerability, the researcher might nonetheless bypass the repair. Whereas the opposite 4 vulnerabilities nonetheless demand their consideration.

Regardless of a number of makes an attempt to achieve out to the developer staff and the failure of the distributors to deploy well timed fixes, Tiron stepped forward with the general public disclosure.

Source link

app Chaining data Expose Scale Smart User vulnerabilities Yunmai
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Apple’s Free Sports App Gains FA Community Shield Coverage, Expands to Mexico

July 23, 2025

Siri’s Cousin? Apple May Add AI Chatbot to Support App

July 10, 2025

TikTok Plans Special US App as It Looks to Stay In the Game

July 8, 2025

Trump Officials Slam ICEBlock as It Tops iPhone App Charts

July 4, 2025
Add A Comment

Comments are closed.

Editors Picks

WundaSmart review: zone your home with this smart heating system

July 21, 2022

Ninja Artisan electric outdoor pizza oven and air fryer review: Easy as pie

July 4, 2025

8 ways level of detail could improve digital twins

June 28, 2022

Garmin Dash Cam Live review

September 4, 2023

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Oppo Find N5 review: Stellar foldable has one big problem

The Naked Gun review: Charged with man’s laughter

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.