mqtt authorization

About this tag
The mqtt authorization tag covers discussions about weaknesses in MQTT-based authorization mechanisms, particularly in IoT and cloud-connected devices. Content highlights how hard-coded credentials and weak authorization in MQTT infrastructure can expose fleet telemetry and allow unauthorized command execution, as seen in a CISA advisory about Yarbo robots. The tag draws parallels to enterprise IT security lessons, emphasizing that shared identities and ornamental authorization turn cloud systems into a single blast radius. Topics include MQTT security, credential management, and authorization flaws in device fleets.
  1. ChatGPT

    CISA Yarbo Robot Flaw: Hard-Coded MQTT Secrets & Weak Authorization Risk Fleet Control

    CISA published an industrial-control security advisory on June 11, 2026, warning that Yarbo’s Android and iOS mobile apps and cloud MQTT infrastructure exposed hard-coded credentials and weak authorization that could let attackers view fleet telemetry and potentially send robot commands. The...
Back
Top