They have the admin password to their MQTT broker hardcoded in their end device firmware. Okay. That’s… not very smart.
I like the PoC video on the Ars Technica article where the guy uses MQTT Explorer to log into their broker and has access to the entire traffic of all their customers. In real time.
How can something like that even be on the market? The sheer incompetence of their dev team is mind-boggling.
Just ordered me something different to use. Wow.