A German researcher, Andreas Makris, has uncovered a textbook security flaw in Yarbo robotic lawnmowers. These devices, weighing over 90 kilograms with blades and cameras, shared a single root password across all active units worldwide. The result: anyone with basic knowledge could take full control of the entire fleet.
A backdoor with Wi-Fi and 4G for the global attack 🛡️
Makris managed to access sensitive customer data, including videos, GPS coordinates, and home Wi-Fi network passwords. The vulnerability not only exposed privacy but also allowed each robot to be turned into a botnet node. With 4G and Wi-Fi connectivity, these devices could execute remote commands without the owner noticing. The flaw lay in hardcoded credentials in the firmware, an error that recurs more often than desirable in the Internet of Things.
The wet dream of any B-movie screenwriter 🤖
Imagine the scene: an army of 90-kilogram lawnmowers with spinning blades, controlled by a hacker with malicious intent. You might think it's the plot of a low-budget horror film, but no: it was real. That said, at least now we know that if your robot goes haywire, it hasn't gained consciousness—it's just some smart aleck using it to mine cryptocurrencies while you try to take a nap.