
Concerns Arise Over Security Flaws in Yarbo Robot Mowers

1 month ago

Robot lawn mowers promise convenience by saving you time and effort. However, a new report from security researcher Andreas Makris highlights significant security vulnerabilities in Yarbo robots, which include autonomous mowers and snow blowers. These flaws may allow remote access, live camera viewing, and Wi-Fi credential theft. Currently, around 6,000 Yarbo robots are affected.

Security Concerns with Yarbo Robots

Yarbo, responding via its Security Center, acknowledged the accuracy of the technical findings and has started implementing security fixes. This situation raises questions about the amount of access smart yard devices should have within your home network.

“A robot mower connected to home Wi-Fi can create security risks if remote access controls are weak,” Makris notes.

Report Findings

According to the report, Yarbo robots come with a persistent remote access setup using a tunnel to reach the robots over the internet. They have a hardcoded root password shared across the fleet and use a connection method tied to the robot’s serial number, granting deep control over the device.

The remote tunnel can restart if stopped and may return if removed. This is a significant concern for owners, who may not have the option to switch it off easily.

Network Risks and Remote Access

Smart devices often require internet access for app controls, software updates, diagnostics, and support. However, Yarbo’s setup may make its robots vulnerable, enabling attackers with the right information to access internal functions and use the robots as a foothold on the owner’s network.

Camera Access

Yarbo robots can have multiple camera feeds. If root access is obtained through the remote tunnel, hackers could view the robot’s surroundings, including your driveway, backyard, or any outdoor space frequented by your family. It is crucial to scrutinize camera-equipped devices outside your home as thoroughly as those inside.

Vulnerability in Wi-Fi Credentials

An attacker with root access could potentially retrieve saved Wi-Fi credentials from the robot’s system. This could jeopardize not just the robot, but all other devices relying on that network for internet connectivity.

Yarbo’s Response

Following the report’s publication, Yarbo acknowledged the vulnerabilities in its systems and is working on implementing various fixes. These include retiring historical fleet-level root credentials, revoking shared remote-access credentials, and disabling certain server-side connections.

Recommendations for Yarbo Owners

  • Put the robot on a guest network, separate from your main devices.
  • If concerned, change your main Wi-Fi password to a strong, unique one stored in a trusted password manager.
  • Check your router for unknown devices and remove any you don’t recognize.
  • Limit what the robot can access by isolating guest devices if your router supports it.
  • Ask Yarbo for details on remaining remote diagnostic access and whether credentials are unique per robot.
  • Keep the robot updated, but stay cautious about network access.

Security experts recommend keeping smart yard devices on a guest network rather than your main home Wi-Fi. As Yarbo continues its remediation, understanding and managing these risks remains critical.
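
One way to act on the guest-network and router-check recommendations above, as an added example that is not from the original report or from Yarbo: this Python script audits exported router flow records for a guest-network device that either reaches the main LAN or keeps an always-on outbound session that is re-established after each drop, the tunnel behaviour the report describes. The record format, IP addresses, thresholds and function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (start_s,end_s,src,dst,dport); addresses are
# documentation/private ranges, not real Yarbo endpoints.
SAMPLE_FLOWS = """\
0,3500,192.168.50.20,203.0.113.10,443
3505,7100,192.168.50.20,203.0.113.10,443
7104,10800,192.168.50.20,203.0.113.10,443
1200,1230,192.168.50.20,198.51.100.7,443
5000,5002,192.168.50.20,192.168.1.15,445
100,160,192.168.50.31,198.51.100.7,443
"""

def parse_flows(text):
    for line in text.strip().splitlines():
        start, end, src, dst, dport = line.split(",")
        yield int(start), int(end), src, dst, int(dport)

def audit_device(flows, device_ip, main_lan, window_s,
                 min_coverage=0.9, max_gap_s=30):
    """Flag isolation breaches and tunnel-like persistent outbound sessions."""
    lan = ipaddress.ip_network(main_lan)
    sessions = defaultdict(list)
    lan_contacts = set()
    for start, end, src, dst, dport in flows:
        if src != device_ip:
            continue
        if ipaddress.ip_address(dst) in lan:
            lan_contacts.add((dst, dport))      # guest device reached main LAN
        else:
            sessions[(dst, dport)].append((start, end))
    persistent = []
    for endpoint, spans in sessions.items():
        spans.sort()
        # Assumes sessions to one endpoint do not overlap in time.
        connected = sum(e - s for s, e in spans)
        # A reconnect is a new session opening soon after the previous one closed.
        reconnects = sum(1 for (_, e0), (s1, _) in zip(spans, spans[1:])
                         if 0 <= s1 - e0 <= max_gap_s)
        if connected / window_s >= min_coverage and reconnects >= 1:
            persistent.append({"endpoint": endpoint, "reconnects": reconnects,
                               "coverage": round(connected / window_s, 3)})
    return {"lan_contacts": sorted(lan_contacts), "persistent": persistent}

if __name__ == "__main__":
    print(audit_device(parse_flows(SAMPLE_FLOWS), "192.168.50.20",
                       "192.168.1.0/24", window_s=10800))
```

A non-empty `lan_contacts` result means guest isolation is not actually enforced on the router; a `persistent` entry is a prompt to ask the vendor what that always-on connection is for.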
