Your $5,000 Yarbo robot mower sits in the garage, promising automated yard perfection. Meanwhile, a hacker halfway across the globe can fire up its spinning blades and drive it straight toward your front door. This isn’t a Black Mirror episode—it’s reality for roughly 11,000 Yarbo owners worldwide.
Security researcher Andreas Makris discovered that every single Yarbo robot contains hardcoded passwords, intentional backdoors, and safety systems that can be overridden remotely. “I can do whatever I want with all the bots. It’s completely unsecured,” Makris told The Verge. Even pressing the emergency stop button won’t save you if someone’s controlling your mower from another continent.
The demonstration was visceral: Makris hijacked operational Yarbo units mid-mowing session from Germany, overriding emergency stops and spinning blades at will. The 100-pound machines with tank-tread propulsion can be weaponized without the owner ever knowing.
Your Personal Data Is Rolling Around the Yard
Hackers can extract Wi-Fi passwords, email addresses, and precise GPS coordinates from hijacked devices.
The violation goes deeper than runaway lawn equipment. Makris demonstrated how attackers can harvest:
- Owner email addresses
- Wi-Fi network passwords
- GPS coordinates accurate enough to pinpoint exact home addresses
He even accessed live camera feeds from the robots’ navigation systems, turning your yard bot into a surveillance drone.
Wayne Yu, a Yarbo owner in California, initially shrugged off the security concerns. His attitude shifted when Makris showed him the Wi-Fi passwords and residential coordinates extracted from his device. “Not good. Not good,” Yu said, watching his private information displayed on a stranger’s screen.
The scope extends beyond individual privacy breaches. Makris identified 12 Yarbo robots within 3 kilometers of a major power plant, raising national security implications when autonomous devices with cameras can be controlled by unknown actors.
Corporate Smoke and Mirrors
Yarbo’s response reveals a company more focused on marketing than security fundamentals.
When Makris first contacted Yarbo about the vulnerabilities, customer support dismissed the backdoor as a harmless “diagnostic tool.” The company’s credibility took another hit when investigators discovered Yarbo’s marketed Manhattan headquarters was actually a single office shared with auto detailers and an Etsy shop selling spiked leather bracelets.
Following public disclosure, Yarbo promised firmware patches and new security measures. But here’s the kicker: their automatic updates have been resetting user passwords back to factory defaults, re-exposing patched devices. The intentional backdoor “cannot be disabled by the owner, and is actively restored if removed,” according to Makris’s analysis.
As retired network architect Matt Petach put it, Yarbo’s security resembles “a chainsaw without a handguard, without a brake, with a loose chain that’s ready to take your leg off.” This follows the depressingly familiar IoT playbook—ship first, secure never. Your smart home devices aren’t just collecting dust; they’re collecting your most sensitive data while leaving the front door wide open. Consider investing in proper security systems to protect against these emerging threats.
