A German researcher, Andreas Makris, has uncovered a textbook security flaw in Yarbo robotic lawnmowers. These devices, weighing over 90 kilos with blades and cameras, shared the same root password across all active units worldwide. The result: anyone with basic knowledge could take full control of the entire fleet.
A backdoor with Wi-Fi and 4G for a global attack 🛡️
Makris managed to access sensitive customer data, such as videos, GPS coordinates, and home Wi-Fi network passwords. The vulnerability not only exposed privacy but also allowed each robot to be turned into a botnet node. With 4G and Wi-Fi connectivity, these devices could execute remote commands without the owner noticing. The flaw lay in hardcoded credentials in the firmware, an error that repeats itself more often than desirable in the Internet of Things.
The wet dream of any B-movie screenwriter 🤖
Imagine the scene: an army of 90-kilo lawnmowers with spinning blades, controlled by a hacker with a penchant for evil. You might think it's the plot of a low-budget horror movie, but no: it was real. Of course, at least now we know that if your robot goes haywire, it's not that it has gained consciousness; it's that some smart aleck is using it to mine cryptocurrencies while you try to take a nap.