Zero-Day Advisory

Fortinet Discovers Unprotected Wi-Fi Credentials in eFamilyCloud mobile app for Lingan Intelligent Smart Power Plugs

Summary

Fortinet's FortiGuard Labs has discovered unprotected Wi-Fi credentials in the Android application used to manage smart power plugs manufactured by Shenzhen Lingan Intelligent Technology.

The Android application is used to control the smart plugs (power on/off, etc.) and is connected to a Wi-Fi network. The credentials for that Wi-Fi network are logged in **cleartext** in the smartphone's system logs. As a reminder, system logs are readable by anybody and by any application; reading them does not require any specific permission or password.

The vulnerability applies to the official application for use with the smart plug. The application is named 'eFamilyCloud', and its latest version (v1.0.8) is currently vulnerable.


Solutions

We detect the vulnerable application as *Riskware/SmartPlug!Android*.

Additional Information

Example of the logs:
```
2018-04-20 09:35:31BindDevicePresenter gggssid: YourSSID_WiFipassword: CENSOREDtoken: EUzoLA6xxxxZHa7
2018-04-20 09:35:31BindDevice gggssidYourSSID_WiFipasswordCENSOREDmodeTY_EZtokenEUzoLA6xxxxZHa7
```
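A small checker for logcat dumps in the two shapes quoted above (key/value pairs with `key: value` separators, and the fully concatenated form), added here as an example and not part of Fortinet's advisory; the log lines, SSID and password it embeds are constructed, and the `Leak` and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed logcat excerpt modelled on the advisory's quoted lines (all values are made up).
SAMPLE_LOGCAT = """\
2018-04-20 09:35:31BindDevicePresenter gggssid: HomeNetpassword: hunter2token: EUzoLA6xxxxZHa7
2018-04-20 09:35:31BindDevice gggssidHomeNetpasswordhunter2modeTY_EZtokenEUzoLA6xxxxZHa7
2018-04-20 09:35:32MainActivity onResume
"""

# Matches both shapes seen in the advisory: "ssid: X password: Y token: Z" and the
# separator-less "ssidXpasswordYmodeTY_EZtokenZ". A value ends at the next known key,
# so a password that itself contains "mode" or "token" would be cut short (known limitation).
LEAK_RE = re.compile(
    r"ssid:?\s*(?P<ssid>.+?)\s*password:?\s*(?P<password>.+?)\s*(?:mode|token:?|$)",
    re.IGNORECASE,
)
# Logcat prefix as quoted: date, time, then the tag fused to the time with no space.
PREFIX_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}(?P<tag>\w+)")


@dataclass
class Leak:
    line_no: int
    tag: str
    ssid: str
    password: str


def find_credential_leaks(logcat_text: str) -> list:
    """Return one Leak per log line that carries a Wi-Fi SSID/password pair."""
    leaks = []
    for line_no, line in enumerate(logcat_text.splitlines(), start=1):
        m = LEAK_RE.search(line)
        if not m:
            continue
        p = PREFIX_RE.match(line)
        tag = p.group("tag") if p else "?"
        leaks.append(Leak(line_no, tag, m.group("ssid"), m.group("password")))
    return leaks


def redact(logcat_text: str) -> str:
    """Replace each leaked password value with a marker so the dump can be shared safely."""
    def _mask(m):
        start, end = m.start("password") - m.start(), m.end("password") - m.start()
        whole = m.group(0)
        return whole[:start] + "[REDACTED]" + whole[end:]
    return "\n".join(LEAK_RE.sub(_mask, line) for line in logcat_text.splitlines())


if __name__ == "__main__":
    for leak in find_credential_leaks(SAMPLE_LOGCAT):
        print(f"line {leak.line_no} [{leak.tag}] ssid={leak.ssid!r}: password leaked")
    print(redact(SAMPLE_LOGCAT))
```

Feed it the output of `adb logcat -d` from a phone with the app installed to confirm whether a given build still writes the pair, and use `redact` before attaching the dump to a bug report.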

Timeline

- Fortinet reported the vulnerability to Shenzhen Lingan Intelligent Technology on May 15, 2018.
- Fortinet served a second notice on May 22, 2018.
- Fortinet served a third notice on May 25, 2018.
- The vendor did not give any reply.
- Fortinet disclosed the vulnerability on June 22, 2018 by following the Responsible Disclosure policy (https://fortiguard.com/zeroday/responsible-disclosure).


Acknowledgement

This vulnerability was discovered by Axelle Apvrille of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.