TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Bishop Fox

YoSmart YoLink Hub version 0382

2025-10-02

ATT&CK techniques detected

5 predictions
T1190 Exploit Public-Facing Application
97%
“": "d88b[redacted]", "producer": {"type": "app", "channel": "app", "endpointid": "ncerne"}} 0..../ys/d88[redacted]/tx {"method": "mflock.getstate", "params": null, "targetdevice": "d88b[redacted]", "producer": {"type": …”
T1040 Network Sniffing
97%
“they could be intercepted from Wi-Fi packets transmitted in close proximity. To demonstrate this, Bishop Fox staff intercepted Wi-Fi packets using airodump-ng in monitor mode: % sudo airodump-ng --bssid [router_bssid] --channel [channel_number] -w capture [in…”
T1190 Exploit Public-Facing Application
85%
“pointid": "ncerne"}}.. Figure 8 - MQTT packets sent by the mobile application. An attacker could exploit this vulnerability to capture the device ID (for use with the issue discussed in the Insufficient Authorization Controls – MQTT Broker finding), the device or mobile …”
T1557 Adversary-in-the-Middle
48%
“staff could interact with MQTT topics intended for the YoLink smart hub. Bishop Fox staff observed that it did not appear that the devices could be controlled using their own MQTT credentials because any attempts to authenticate would disrupt the device’s active MQTT connection…”
T1190 Exploit Public-Facing Application
31%
“88b[redacted]/tx, payload=165byte, qos=at_most_once, retain=false} … omitted for brevity … Figure 4 - Publishing to smart lock MQTT topic with unauthorized account. By exploiting this issue, an attacker could potentially open doors secured using YoLink locks or c…”

Summary

The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382.