Yarbo has issued an official response following a report detailing vulnerabilities in its lawnmower robots, which allowed unauthorized remote access and exposed user data. The company confirmed the findings of security researchers, apologized, and presented an action plan to fix the identified issues.
Technical measures: remote access suspended and root passwords under review 🔒
Yarbo has temporarily disabled remote access to devices while implementing security patches. Among the critical flaws identified is the use of identical root passwords for all robots, an error that allowed an attacker to take full control of any unit. The company assures it is working on a unique authentication system per device and will review its update protocols to prevent future exposures.
The rebellious lawnmower: now also leaks your data 🤖
Because it wasn't enough that the robot decided to prune the flowers instead of the lawn, now it turns out that anyone with a laptop and some time could eavesdrop on your conversations from the garden. Yarbo, at least, had the decency to apologize before its machine becomes the neighborhood gossip. Of course, if your lawnmower starts whistling strange tunes, you know why.