11,000 Yarbo Robot Lawn Mowers Can Be Hacked and Controlled Remotely

A German security researcher named Andreas Makris has found serious security weaknesses in Yarbo's robot lawn mowers. These flaws allow someone from anywhere in the world to take control of over 11,000 of these robots. The hacker could also steal the Wi-Fi passwords that owners use to connect these devices to their home networks.
Yarbo makes modular robots that can handle multiple yard tasks—lawn mowing, snow blowing, and leaf clearing—from one basic platform. These are expensive, premium machines marketed to homeowners with larger properties.
What's Actually Vulnerable
The problem lies in how these robots connect to the internet. Yarbo uses cloud connectivity (a connection to the company's computers over the internet) that has a critical flaw. According to the research findings reported by the Times of India, all Yarbo robots use the same password to authenticate, or verify, themselves when they connect to the cloud. Think of it like every house on a street using the same front door key—once someone has that key, they can open every door.
This is a fundamental mistake in security design. Each device should have its own unique password or identification code, not a shared one.
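The difference between one fleet-wide password and a secret per device, as an added example that is not code from the researcher or from Yarbo. The serial numbers, the HMAC-based derivation and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for illustration; nothing here comes from Yarbo's systems.
SHARED_FLEET_PASSWORD = "fleet-password-placeholder"
PROVISIONING_KEY = secrets.token_bytes(32)  # assumed to stay on the vendor's server
REVOKED: set[str] = set()                   # serials whose secret is known to be exposed


def shared_auth(serial: str, password: str) -> bool:
    """Weak design: one password for the fleet, so the serial is never bound to it."""
    return hmac.compare_digest(password.encode(), SHARED_FLEET_PASSWORD.encode())


def derive_device_secret(serial: str, key: bytes = PROVISIONING_KEY) -> str:
    """Per-device secret = HMAC-SHA256(provisioning key, serial), written at the factory."""
    return hmac.new(key, serial.encode(), hashlib.sha256).hexdigest()


def per_device_auth(serial: str, presented: str) -> bool:
    """Corrected design: a secret verifies only for its own serial, and can be revoked."""
    if serial in REVOKED:
        return False
    expected = derive_device_secret(serial)
    return hmac.compare_digest(presented.encode(), expected.encode())


def fleet_exposure(fleet: list[str], leaked_serial: str) -> dict[str, int]:
    """Count how many devices a credential taken from one unit can authenticate as."""
    leaked_secret = derive_device_secret(leaked_serial)
    return {
        "shared": sum(shared_auth(s, SHARED_FLEET_PASSWORD) for s in fleet),
        "per_device": sum(per_device_auth(s, leaked_secret) for s in fleet),
    }


if __name__ == "__main__":
    fleet = [f"SN-{n:05d}" for n in range(11000)]  # constructed serial numbers
    print("before revocation:", fleet_exposure(fleet, "SN-00042"))
    REVOKED.add("SN-00042")  # one exposed unit is cut off; the rest keep working
    print("after revocation: ", fleet_exposure(fleet, "SN-00042"))
```

With the shared password the only remedy for a leak is rotating the credential on every unit at once, while the per-device design limits the damage to the one serial that is then revoked.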
The exposure goes deeper. TechSpot reports that the same vulnerabilities expose the Wi-Fi passwords that owners use at home. If an attacker gains access to a robot, they can steal the household's Wi-Fi password and use it to break into other devices on that same network—computers, phones, smart TVs, and anything else connected to that Wi-Fi.
Why This Matters Beyond Just the Mower
These aren't small devices. Yarbo's lawn mower units weigh about 200 pounds and can cut grass on properties up to 6.2 acres. They can navigate steep slopes and feature adjustable cutting heights. The snow blower attachment can push snow up to 40 feet across a 21-inch path.
The physical size and power of these machines create a different kind of risk than a hacked security camera or thermostat. An attacker who gains control could potentially cause property damage or create safety hazards by operating the machine without the owner's knowledge.
The Bigger Picture
We have seen this story before. In the mid-2010s, when smart home devices first became popular, many manufacturers rushed to add internet connectivity without thinking through security. The result was widespread hacking of webcams, routers, and other devices that were all used together to launch large-scale cyber attacks. The lessons from that era should have taught the industry better, yet vulnerabilities like this one keep appearing in new products.
Yarbo is a relatively new company selling premium products with good customer service, including a two-year warranty and a 30-day money-back guarantee. Yet premium pricing and excellent service do not guarantee secure products. These robots likely represent millions of dollars in equipment sitting in yards around the world, all of them vulnerable to basic security mistakes.
The situation is made worse by the fact that even if Yarbo releases a software fix, the Wi-Fi passwords that were already exposed remain compromised. Attackers could use those stolen passwords to maintain access to home networks through other devices, creating a persistent backdoor that isn't solved by simply updating the mower.
What Happens Now
Government regulators around the world are beginning to set rules for how connected devices must be built. The European Union's Cyber Resilience Act specifically targets these kinds of security failures. As more rules like this take effect, companies that sell internet-connected products will have to meet much stricter standards.
For homeowners or businesses that own Yarbo robots, the immediate step is to wait for security updates from the company and apply them as soon as they become available. For anyone managing larger facilities with connected equipment, this incident is a reminder that network isolation—keeping these devices on a separate part of your network from your most important systems—becomes critical until vendors prove they can build these machines securely.


