Functionality and Security Analysis of the Yuyang King Bluetooth App for Smart Device Control
The app provides several dashboards and configuration screens: Yuyangking Bluetooth adapter installation on Venom Evader yuyang king bluetooth app
| Issue | Severity | Explanation | |-------|----------|-------------| | No encryption | High | BLE communication is transmitted in plaintext; anyone within range can sniff commands using nRF Connect or Wireshark. | | Static pairing key | Medium | Many Yuyang devices use a fixed PIN (e.g., 000000 or 123456), making them vulnerable to replay attacks. | | Overbroad permissions | Low-Medium | Requests location even when not needed for BLE scanning on newer Android versions. | | Third-party APK risk | High | Versions downloaded from non-Play sources may contain malware or trackers (e.g., com.yuyang.king has been flagged by some antivirus for adware). | | No firmware update mechanism | Medium | Vulnerabilities in the device firmware cannot be patched. | Title: Functionality and Security Analysis of the Yuyang
The printer began spitting out not spreadsheets, but ancient Chinese poetry about the futility of labor. The air conditioner maintained a perfect 22°C but whispered "sleep… sleep…" through its vents. And Director Sun’s speaker, at maximum volume, began looping her off-key rendition of "I Will Always Love You" from the company retreat. | | Third-party APK risk | High |