Yarbo Android Ios Mobile Application
Monthly
Hard-coded MQTT broker credentials in Yarbo Android and iOS applications allow remote unauthenticated attackers to subscribe to and publish on the cloud MQTT brokers serving the entire global Yarbo robot fleet. Because the credentials are identical across all users and devices and trivially extractable via APK decompilation, anyone knowing a target robot's serial number can read its telemetry or send arbitrary commands. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CISA ICS advisory reflect the systemic, fleet-wide nature of the exposure.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.
Hard-coded MQTT broker credentials in Yarbo Android and iOS applications allow remote unauthenticated attackers to subscribe to and publish on the cloud MQTT brokers serving the entire global Yarbo robot fleet. Because the credentials are identical across all users and devices and trivially extractable via APK decompilation, anyone knowing a target robot's serial number can read its telemetry or send arbitrary commands. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CISA ICS advisory reflect the systemic, fleet-wide nature of the exposure.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.