GitHub - Bin4ry/yarbo-nat-in-my-back-yard

github.com/Bin4ry/yarbo-nat-in-my-back-yard

Yarbo robots, sold for $1,500 to $5,000, have a persistent SSH backdoor via NAT punching, exposing root access to anyone with the robot’s serial number. The backdoor is implemented through a FRP client that opens a permanent tunnel to a Yarbo-controlled server, with hardcoded credentials and no opt-out for users. This vulnerability, along with shared MQTT credentials and hardcoded developer credentials, poses a significant security risk to users’ home networks.

Yarbo robots have a permanent outbound SSH tunnel with PermitRootLogin enabled, accessible via a hardcoded root password and the robot’s serial number. This remote access is force-deployed and cannot be easily disabled by the owner, posing a significant security risk. Despite Yarbo’s claims of controlled access, the lack of individual access controls and the inability to disable the feature raise concerns about user privacy and security.

The Yarbo robot fleet uses MQTT for command-and-control, with hardcoded credentials allowing unauthorized access to the entire fleet. The fleet also sends telemetry data to ByteDance’s Feishu platform and uses a Chinese DNS resolver. Additionally, a single credential controls multiple systems, including FRP SSH tunnels and MQTT access, posing a significant security risk.

Yarbo robots running firmware v2.x have hardcoded credentials and MQTT endpoints, allowing attackers to intercept telemetry, inject commands, track locations, and gain root access. These vulnerabilities enable attackers to perform network pivoting, extract Wi-Fi credentials, and conduct live camera surveillance. The only reliable mitigation for owners is to physically isolate the device from the internet, as Yarbo can update components and re-establish the FRP tunnel.
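The two points the page keeps returning to are a reverse tunnel (frp client) that exposes the robot's sshd to a vendor-controlled server, and an sshd that accepts password logins for root. Neither alone is the full problem; together they are. The following audit script, added here as an example and not code from the Yarbo repository, shows how a defender could check a device image for that combination. The `sshd_config` and `frpc.ini` fragments are constructed samples in the standard OpenSSH and frp file formats; the server address and token are placeholders, not Yarbo's real values.

```python
"""Audit sshd_config + frpc.ini for the 'reverse SSH tunnel to root' pattern.

Added example; the config texts below are CONSTRUCTED samples, not Yarbo's
real files. Host name and token are placeholders.
"""
import configparser

# Constructed sshd_config (OpenSSH syntax) with the weak settings described
SSHD_CONFIG_WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

# Hardened counterpart: key-only auth, no root password login
SSHD_CONFIG_HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

# Constructed frpc.ini (frp client INI format) that publishes the local sshd
# through a reverse tunnel to a remote frp server (7000 is frp's default port).
FRPC_INI = """\
[common]
server_addr = frps.example.invalid
server_port = 7000
token = PLACEHOLDER_SHARED_TOKEN

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
"""


def parse_sshd_config(text):
    """Map lowercase keyword -> value. OpenSSH honours the FIRST occurrence
    of a keyword, so setdefault() reproduces that precedence."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def sshd_findings(text):
    """Return a list of human-readable findings for weak sshd settings."""
    opts = parse_sshd_config(text)
    findings = []
    # OpenSSH's default for PermitRootLogin is prohibit-password; only an
    # explicit 'yes' lets root authenticate with a password.
    if opts.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    if opts.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication yes: a static password is enough")
    return findings


def frpc_exposed_local_ports(text):
    """Return [(section, local_port, remote_port)] for every tcp proxy."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    exposed = []
    for section in cp.sections():
        if section == "common":
            continue
        if cp.get(section, "type", fallback="tcp") == "tcp":
            exposed.append((section,
                            cp.getint(section, "local_port"),
                            cp.getint(section, "remote_port", fallback=0)))
    return exposed


def audit(sshd_text, frpc_text):
    """Rate the combination: tunnel to sshd AND weak sshd => critical."""
    ssh_port = int(parse_sshd_config(sshd_text).get("port", "22"))
    ssh_issues = sshd_findings(sshd_text)
    tunnels = frpc_exposed_local_ports(frpc_text)
    ssh_tunnelled = any(lp == ssh_port for _, lp, _ in tunnels)
    if ssh_tunnelled and ssh_issues:
        severity = "critical"
    elif ssh_tunnelled:
        severity = "high"   # tunnel exists, but sshd is key-only
    elif ssh_issues:
        severity = "medium" # weak sshd, reachable only on the LAN
    else:
        severity = "info"
    return {"severity": severity, "ssh_issues": ssh_issues, "tunnels": tunnels}


if __name__ == "__main__":
    print(audit(SSHD_CONFIG_WEAK, FRPC_INI))
    print(audit(SSHD_CONFIG_HARDENED, FRPC_INI))
```

Note that fixing sshd alone only downgrades the finding to "high": the tunnel still gives the remote frp server a path onto the device, which is why the page's own conclusion is that only network isolation reliably closes it.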