Yarbo Robot Mower Hacked: Thousands of Bladed Bots at Risk
Key Takeaways
- A security researcher can remotely control every Yarbo robot mower, snowblower, and trimmer worldwide
- Hackers can override the physical emergency stop button with a simple command
- All Yarbo devices share the same root password and run full Linux with a backdoor
A 200-Pound Robot With Blades, Controlled by a Stranger
Sean Hollister, senior editor at The Verge, lay down in the path of a robot lawn mower. The 200-pound machine climbed onto his chest. The person controlling it was nearly 6,000 miles away.
Andreas Makris, a security researcher, had hacked the Yarbo robot mower from across the planet. He wanted to prove a point. He succeeded.
The $5,000 Yarbo robots have security so poor that any hacker can hijack them. Not just one. All of them. Every Yarbo robot mower, snowblower, and trimmer worldwide can be controlled by anyone who finds the same vulnerabilities Makris did.
“I can do whatever I want with all the bots. It's completely unsecured.”
— Andreas Makris, security researcher
Remote Control Is Just the Start
The hack follows a pattern seen before. Earlier, The Verge revealed how researcher Sammy Azdoufal made thousands of DJI Romo robot vacuums identify themselves and follow his commands. Makris found Yarbo robots work the same way. Access to one means access to all.
But robot vacuums don't have spinning blades. Yarbo's devices do.
Hackers can use the robot's built-in commands to override safety features. Even if you press the big red emergency stop button on the mower itself, a hacker can send another command to unlock it, Makris says. The physical button becomes meaningless.
Root Access, Same Password, Full Linux
The Yarbo runs a full Linux computer. It has its own backdoor. The root password is always the same across every device. This combination means hackers could reprogram the robot to do anything.
- Spin up the blades remotely
- Probe your home network for other devices
- Turn the robot into part of a botnet to attack targets on the internet
- Access the robot's built-in camera
One Core, Many Dangerous Attachments
Yarbo was founded in 2015 as a robot snowblower company. It now sells all-in-one yard robots with modular attachments. The same "core" robot, which uses tank treads to drive and climb, can become a lawn mower, leaf blower, snowblower, trimmer, or edger.
This design means all attachments share the same vulnerability. A hacker doesn't need separate exploits for each tool. One hack works for all of them.
The Bigger IoT Security Problem
Yarbo's security failures represent a growing pattern in consumer IoT devices. Companies rush products to market without basic security measures. Identical passwords. No authentication. Backdoors left open. The devices then sit in customers' yards, connected to home networks, waiting to be exploited.
When the device is a smart speaker or thermostat, the risk is privacy invasion. When it's a 200-pound robot with spinning blades, the risk is physical harm.
Logicity's Take
What Yarbo Owners Should Do Now
Until Yarbo issues a security patch, owners face a difficult choice. The safest option is to disconnect the robot from the internet entirely. This disables remote features but prevents hackers from accessing the device.
Network segmentation offers a partial solution. Place the Yarbo on an isolated network that cannot reach other devices or sensitive systems. This limits the damage if the robot is compromised but doesn't prevent the robot itself from being hijacked.
Network-level controls can help isolate vulnerable IoT devices
Frequently Asked Questions
Can hackers control my Yarbo robot mower?
Yes. Security researcher Andreas Makris demonstrated he can remotely control any Yarbo robot worldwide. The devices have no meaningful authentication and share the same root password.
Does the emergency stop button protect against hackers?
No. Makris showed that hackers can send a command to override the emergency stop button remotely, making the physical safety feature useless.
Which Yarbo products are affected?
All Yarbo products that use the modular core system, including lawn mowers, snowblowers, leaf blowers, trimmers, and edgers. They all share the same vulnerable software.
How much does a Yarbo robot cost?
Yarbo robot lawn mowers cost approximately $5,000, making this a significant investment in a device with major security flaws.
What should Yarbo owners do to protect themselves?
The safest option is to disconnect the robot from the internet until Yarbo issues a security patch. Alternatively, place it on an isolated network segment.
Need Help Implementing This?
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Robotaxi Companies Are Hiding How Often Humans Take the Wheel
Autonomous vehicle firms like Waymo and Tesla are under scrutiny for refusing to disclose how often remote operators step in to control their self-driving cars. A Senate investigation reveals major gaps in transparency, raising safety and accountability concerns.
Wisconsin Governor Throws a Wrench in Age Verification Plans
Wisconsin Governor Tony Evers has vetoed a bill that would have required residents to verify their age before accessing adult content online, citing concerns over privacy and data security. This move comes as several other states have already implemented similar age check requirements. The veto has significant implications for the future of online age verification.
Apple's App Store Empire Under Siege: The Battle for the Future of Tech
The long-running feud between Apple and Epic Games has reached a boiling point, with Apple preparing to take its case to the Supreme Court. The tech giant is fighting to maintain control over its App Store, while Epic Games is pushing for more freedom for developers. The outcome could have far-reaching implications for the entire tech industry.
Tesla's Remote Parking Feature: The Investigation That Didn't Quite Park Itself
The US auto safety regulators have closed their investigation into Tesla's remote parking feature, but what does this mean for the future of autonomous driving? We dive into the details of the investigation and what it reveals about the technology. The National Highway Traffic Safety Administration found that crashes were rare and minor, but the investigation's closure doesn't necessarily mean the feature is completely safe.
Also Read
6 Hulu Miniseries You Can Binge in a Weekend
Hulu's miniseries library offers complete stories in 12 episodes or fewer. These six picks deliver critically acclaimed performances and strong book adaptations without the multi-season commitment.
Anthropic vs European AI: Can Startups Survive the LLM Giants?
Anthropic's latest product releases directly compete with European AI startups like Loveable and Legora, raising hard questions about whether companies built on third-party models can defend their market position. The Sifted podcast also covers European fintechs racing to access Anthropic's new Mythos model and a potential deal with UK chip maker Fractile.
Samsung Galaxy Book6 Ultra Review: $3,800 for a Bad Keyboard
Samsung's Galaxy Book6 Ultra copies the MacBook Pro's design so closely that reviewers use wrong keyboard shortcuts out of habit. But at $3,800, it comes with a terrible keyboard, a poor webcam, and performance that doesn't match Apple's flagship. The Verge gave it a 5 out of 10.