Yarbo · Yarbo Cloud · CVE-2026-7368
**Name of the Vulnerable Software and Affected Versions**
Yarbo Cloud (affected versions not specified)
**Description**
The cloud service fails to enforce per-device or per-user authorization. A client with valid credentials, including shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics that cover all robots globally. Additionally, an attacker can publish to any robot's command topic by using the robot's serial number, which is disclosed in the telemetry stream. This lack of per-device access controls allows a single compromised credential to provide fleet-wide access.
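The per-device check that the description says is missing, as an added example (not vendor code and not part of the original advisory): a default-deny authorization function that a broker could call on every subscribe and publish. It assumes MQTT-style wildcards (`+`, `#`) and a hypothetical topic layout `robots/<serial>/<channel>`; the user names, serial numbers and channel names are constructed.

```python
# Added example: per-device topic authorization for a pub/sub broker hook.
# Assumptions (not from the advisory): MQTT-style wildcards and the
# hypothetical topic layout robots/<serial>/<channel>.

WILDCARDS = {"+", "#"}

# Hypothetical channels a client may use, per action.
CHANNELS = {
    "subscribe": {"telemetry", "status"},
    "publish": {"command"},
}

# Constructed sample ownership data: authenticated identity -> robot serials.
# An identity that is absent here (e.g. a shared credential) owns nothing.
OWNERSHIP = {
    "alice": {"SN-EXAMPLE-0001"},
    "bob": {"SN-EXAMPLE-0002", "SN-EXAMPLE-0003"},
}


def authorize(user, action, topic, ownership=OWNERSHIP):
    """Return True only if `user` may perform `action` on `topic`.

    Default deny: the decision is bound to the authenticated identity,
    never to mere knowledge of a serial number.
    """
    if action not in CHANNELS:
        return False
    levels = topic.split("/")
    # Require exactly robots/<serial>/<channel>; this also rejects
    # bare '#' and 'robots/#', which have too few levels.
    if len(levels) != 3 or levels[0] != "robots":
        return False
    _, serial, channel = levels
    # A wildcard at any level would widen the filter past one device
    # or one channel, so none is accepted.
    if serial in WILDCARDS or channel in WILDCARDS:
        return False
    # The serial must belong to the caller; a serial learned from
    # someone else's telemetry grants nothing.
    if serial not in ownership.get(user, set()):
        return False
    return channel in CHANNELS[action]
```

With a check of this shape, a single compromised credential reaches only the robots bound to that identity instead of the whole fleet.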
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.