Yarbo shows what happens when a security flaw gets cameras, tracks and blades
Robot security failures become different when the device can move, see and cut. 📷 TECH&SPACE / GPT Image 2.0
- The Yarbo case shows how IoT flaws become physical safety risks.
- MQTT, root credentials, camera and GPS access must be treated as safety-critical layers.
- Autonomous home robots need local fail-safes that do not depend on cloud access.
Andreas Makris wasn't just demonstrating a theoretical vulnerability when he hacked into a Yarbo robot lawn mower from halfway across the world. He was proving a point: these machines are dangerously exposed. The 200-pound robot, designed to autonomously trim lawns, nearly dragged its spinning blades across Makris's body as he lay on the ground, all while he was 6,000 miles away, unable to hit the emergency stop button.
The incident, first reported by The Verge, wasn't an accident. It was a controlled test of Yarbo's security flaws, and the results were alarming.
The core issue? A hardcoded root password shared across every Yarbo device. Makris exploited this backdoor to gain full control, overriding safety protocols and spinning up the blades at will. "I can do whatever I want with all the bots," he told researchers. The implications extend far beyond a single lawn mower. With an estimated 5,000 Yarbo units in use (many equipped with modular attachments for snow blowing and leaf clearing), the vulnerability turns a household tool into a potential weapon.
A robot mower is not just an app with grass. It is a networked machine with cameras, motors, location data and physical mass.
The problem is not one bug, but a chain between cloud access and physical motion. 📷 TECH&SPACE / GPT Image 2.0
The source material also shows that Yarbo's robots are marketed as all-in-one yard care solutions, but their security architecture tells a different story. The company, founded in 2015 as a robot snowblower manufacturer, has expanded its lineup without addressing fundamental flaws. The MQTT protocol used for remote communication, for example, lacks basic encryption, making it trivial for attackers to intercept or spoof commands.
Worse, the robots' safety features, like obstacle detection and emergency stops, can be disabled with a few lines of code. This isn't just a software bug; it's a design failure that prioritizes convenience over security.
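The design point above, that safety features must not be switchable by a remote command and that fail-safes must work without the cloud, can be enforced by a local interlock placed between the network stack and the motor controller. The following is an added example, not Yarbo's firmware or code from the original article; every type, field and command name and the 200 ms sensor-age limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Locally sensed state. Nothing here is writable from the network (assumed design). */
typedef struct {
    bool estop_pressed;        /* physical emergency-stop button */
    bool obstacle_detected;    /* bumper / obstacle sensor */
    bool lifted_or_tilted;     /* chassis lift or tilt switch */
    uint32_t now_ms;           /* local monotonic clock */
    uint32_t sensors_ok_ms;    /* last successful sensor self-check */
} local_state_t;

typedef enum { CMD_STOP, CMD_DRIVE, CMD_BLADES_ON, CMD_DISABLE_SAFETY } cmd_t;
typedef enum { ALLOW, DENY_HAZARD, DENY_STALE_SENSORS, DENY_REMOTE_OVERRIDE } verdict_t;

#define SENSOR_MAX_AGE_MS 200u   /* assumed limit */

/* Decide whether a command may reach the motor controller. */
verdict_t gate_command(cmd_t cmd, bool from_network, const local_state_t *s)
{
    if (cmd == CMD_STOP)
        return ALLOW;                       /* stopping is always permitted */
    if (cmd == CMD_DISABLE_SAFETY && from_network)
        return DENY_REMOTE_OVERRIDE;        /* interlocks are never remotely switchable */
    if ((uint32_t)(s->now_ms - s->sensors_ok_ms) > SENSOR_MAX_AGE_MS)
        return DENY_STALE_SENSORS;          /* fail closed when sensing is unverified */
    if (s->estop_pressed || s->obstacle_detected || s->lifted_or_tilted)
        return DENY_HAZARD;
    return ALLOW;
}

/* Run every control tick: a hazard drops the blade latch regardless of
 * earlier commands, and only a fresh, allowed command can set it again. */
bool blade_tick(bool *latched, const local_state_t *s)
{
    if (*latched && gate_command(CMD_BLADES_ON, false, s) != ALLOW)
        *latched = false;
    return *latched;
}

int main(void)
{
    local_state_t s = { false, true, false, 1000u, 950u };  /* constructed: obstacle present */
    bool latched = true;
    printf("remote blades-on verdict: %d\n", gate_command(CMD_BLADES_ON, true, &s));
    printf("blades running after tick: %d\n", blade_tick(&latched, &s));
    return 0;
}
```

Because the gate consults only local sensors and a local clock, it keeps working when the cloud or MQTT link is down or under someone else's control.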
The real-world risks are stark. A hacker could reprogram a fleet of Yarbo robots to ignore property boundaries, target specific individuals, or even coordinate attacks. The 11,000-strong user base, spread across residential and commercial properties, provides ample opportunity for exploitation. While Makris's demo was a controlled experiment, the next intrusion might not be. Regulators have yet to weigh in, but the clock is ticking. Yarbo's response, whether a recall, a firmware update, or silence, will determine whether these robots remain a threat or become a cautionary tale in IoT security.

