A German security researcher, Andreas Makris, has discovered a set of vulnerabilities in Yarbo's internet-connected robot lawnmowers, affecting over 11,000 devices worldwide. The vulnerabilities allow the machines to be remotely accessed and controlled, posing risks to both physical safety and privacy.
The researcher found that the robots shared the same hardcoded root password and included a backdoor that could be used for remote access, allowing hackers to spin up the blades, probe a home network, and potentially fold the devices into a botnet.
The vulnerabilities also allow access to owners' email addresses, Wi-Fi passwords, and GPS coordinates, as well as camera feeds, making the compromised mower a potential surveillance device and physical hazard.
The company, Yarbo, has acknowledged the problem and is working on remediation, including stronger access controls, improved authentication, and greater user visibility over remote diagnostic features.
The incident highlights the importance of security in connected devices, and users are advised to keep firmware updated, review remote-access settings, and isolate devices on separate home networks where possible. The company's response includes the creation of a dedicated security response centre, and users can expect further updates on the remediation efforts in the coming days.