mqtt authorization
About this tag
The mqtt authorization tag covers discussions about weaknesses in MQTT-based authorization mechanisms, particularly in IoT and cloud-connected devices. Content highlights how hard-coded credentials and weak authorization in MQTT infrastructure can expose fleet telemetry and allow unauthorized command execution, as seen in a CISA advisory about Yarbo robots. The tag draws parallels to enterprise IT security lessons, emphasizing that shared identities and ornamental authorization turn cloud systems into a single blast radius. Topics include MQTT security, credential management, and authorization flaws in device fleets.
CISA published an industrial-control security advisory on June 11, 2026, warning that Yarbo’s Android and iOS mobile apps and cloud MQTT infrastructure exposed hard-coded credentials and weak authorization that could let attackers view fleet telemetry and potentially send robot commands. The...