$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

Cybersecurity researchers at Bishop Fox have revealed security vulnerabilities in the popular, inexpensive YoLink Smart Hub (v0382), leaving users exposed to remote attackers. The hub that costs just $20 serves as a central gateway that manages all connected smart locks, sensors, and plugs. These vulnerabilities, publicly disclosed today and tracked under four separate CVEs, show the risks involved in connecting low-cost devices to our homes.

How Hackers Can Take Over Your YoLink Devices

Beginning their work “earlier this year,” researchers discovered multiple zero-day vulnerabilities (flaws previously unknown and unpatched). They physically examined the device, noting that it used a common ESP32 System-on-Chip. This allowed them to immediately analyse its inner workings.

As ...