Yarbo Robot Mower Hacked: Thousands of Bladed Bots at Risk

Key Takeaways

• A security researcher can remotely control every Yarbo robot mower, snowblower, and trimmer worldwide
• Hackers can override the physical emergency stop button with a simple command
• All Yarbo devices share the same root password and run full Linux with a backdoor

A 200-Pound Robot With Blades, Controlled by a Stranger

Sean Hollister, senior editor at The Verge, lay down in the path of a robot lawn mower. The 200-pound machine climbed onto his chest. The person controlling it was nearly 6,000 miles away.

Andreas Makris, a security researcher, had hacked the Yarbo robot mower from across the planet. He wanted to prove a point. He succeeded.

The $5,000 Yarbo robots have security so poor that any hacker can hijack them. Not just one. All of them. Every Yarbo robot mower, snowblower, and trimmer worldwide can be controlled by anyone who finds the same vulnerabilities Makris did.

“I can do whatever I want with all the bots. It's completely unsecured.”

— Andreas Makris, security researcher

Remote Control Is Just the Start

The hack follows a pattern seen before. Earlier, The Verge revealed how researcher Sammy Azdoufal made thousands of DJI Romo robot vacuums identify themselves and follow his commands. Makris found Yarbo robots work the same way. Access to one means access to all.

But robot vacuums don't have spinning blades. Yarbo's devices do.

Hackers can use the robot's built-in commands to override safety features. Even if you press the big red emergency stop button on the mower itself, a hacker can send another command to unlock it, Makris says. The physical button becomes meaningless.

Root Access, Same Password, Full Linux

The Yarbo runs a full Linux computer. It has its own backdoor. The root password is always the same across every device. This combination means hackers could reprogram the robot to do anything.

• Spin up the blades remotely
• Probe your home network for other devices
• Turn the robot into part of a botnet to attack targets on the internet
• Access the robot's built-in camera

One Core, Many Dangerous Attachments

Yarbo was founded in 2015 as a robot snowblower company. It now sells all-in-one yard robots with modular attachments. The same "core" robot, which uses tank treads to drive and climb, can become a lawn mower, leaf blower, snowblower, trimmer, or edger.

This design means all attachments share the same vulnerability. A hacker doesn't need separate exploits for each tool. One hack works for all of them.

The Bigger IoT Security Problem

Yarbo's security failures represent a growing pattern in consumer IoT devices. Companies rush products to market without basic security measures. Identical passwords. No authentication. Backdoors left open. The devices then sit in customers' yards, connected to home networks, waiting to be exploited.

When the device is a smart speaker or thermostat, the risk is privacy invasion. When it's a 200-pound robot with spinning blades, the risk is physical harm.

What Yarbo Owners Should Do Now

Until Yarbo issues a security patch, owners face a difficult choice. The safest option is to disconnect the robot from the internet entirely. This disables remote features but prevents hackers from accessing the device.

Network segmentation offers a partial solution. Place the Yarbo on an isolated network that cannot reach other devices or sensitive systems. This limits the damage if the robot is compromised but doesn't prevent the robot itself from being hijacked.

Frequently Asked Questions

Can hackers control my Yarbo robot mower?

Yes. Security researcher Andreas Makris demonstrated he can remotely control any Yarbo robot worldwide. The devices have no meaningful authentication and share the same root password.

Does the emergency stop button protect against hackers?

No. Makris showed that hackers can send a command to override the emergency stop button remotely, making the physical safety feature useless.

Which Yarbo products are affected?

All Yarbo products that use the modular core system, including lawn mowers, snowblowers, leaf blowers, trimmers, and edgers. They all share the same vulnerable software.

How much does a Yarbo robot cost?

Yarbo robot lawn mowers cost approximately $5,000, making this a significant investment in a device with major security flaws.

What should Yarbo owners do to protect themselves?

The safest option is to disconnect the robot from the internet until Yarbo issues a security patch. Alternatively, place it on an isolated network segment.