A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among other things, allowed an attacker to harvest Wi‑Fi passwords.
Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: every robot shared the same hardcoded root password, remote tunnels were left open, and Message Queuing Telemetry Transport (MQTT) messaging was so weakly protected that once you had one device, you effectively had the worldwide fleet.
An attacker could pull GPS coordinates, email addresses, and Wi‑Fi passwords, turn cameras into remote spying tools, and even re‑arm the mower after someone hit the emergency stop.
All of this was enabled by a persistent backdoor tunnel that users could neither see nor meaningfully control. The risks fell into three very different buckets:
A heavy mower with remotely controllable blades and an emergency stop that can be bypassed is a real-world safety hazard.














