Researcher Hacks Yarbo Robot Mowers, Exposes Critical Global Security Flaws

May 9, 2026
  • A security researcher remotely hijacked Yarbo robot lawn mowers to expose severe security flaws, demonstrating control over units globally.

  • The researcher disclosed serious vulnerabilities in Yarbo’s internet-connected mowers, revealing a backdoor that cannot currently be disabled and exposure of owners’ private data.

  • Questions are raised about Yarbo’s security practices, including apparent gaps in bug bounty programs and remote-access policies, with the company acknowledging planned improvements but disputing the severity of the risk.

  • Yarbo units have been found in diverse settings—from businesses to universities and government facilities—with at least one unit identified near a nuclear power plant.

  • The operating system exposes Wi‑Fi passwords in clear text, enabling potential attacks on users’ networks and connected devices.

  • Security flaws are compounded by transparency issues: the Android app shows a Shenzhen-based parent company (Hanyangtech) despite Yarbo’s New York HQ, and telemetry reportedly routes through ByteDance servers.

  • The Verge ties Yarbo’s issues to broader IoT security concerns, urging manufacturers to implement transparent access controls and stronger safeguards against remote hijacking.

  • Each Yarbo robot runs an Arm Linux computer with the same root password across units, allowing full OS control; firmware updates reportedly reset credentials to defaults.

  • Key flaws include a hardcoded root password that resets after firmware updates, an undeletable remote-access backdoor, and remote diagnostics that can be abused to gain control, camera access, or network access.

  • Interviews with homeowners and a former network engineer stress treating insecure gadgets as threats, likening the risk to a chainsaw without safety features.

  • Yarbo says it is investigating the issues and has developed fixes for some problems, while the researcher argues public disclosure was necessary to spur remediation.

  • Yarbo’s modular design means a vulnerability in the shared core system could affect every device built on it, including lawn mowers, snowblowers, leaf blowers, and more.

Summary based on 2 sources



Sources

A hacker ran me over with a robot lawn mower
