IoT

Thousands of Yarbo robotic lawnmowers exposed with identical default passwords

Cybersecurity Alert Critical System Vulnerability Detected

Thousands of Yarbo robotic lawnmowers worldwide have been found to have a critical security flaw, allowing remote access through identical default administrator credentials, based on information published by Tech Radar.

Security researcher Andreas Makris discovered that Yarbo robotic lawnmowers, which operate in over 30 countries and are equipped with cameras, GPS, and AI mapping, used the same default passwords. This vulnerability allowed Makris to access owner email addresses, Wi-Fi passwords, and precise GPS locations, even demonstrating the ability to remotely hijack a 200-pound mower. The Linux-based devices, functioning like internet-connected computers, could theoretically be weaponized by hackers to activate blades, scan networks, or form botnets. The risk is amplified for mowers located near critical infrastructure, such as power plants.

Yarbo, with ties to China and a New York headquarters, has acknowledged the flaws and implemented fixes including disabling remote diagnostic tunnels and resetting passwords. However, concerns remain about the retention of manufacturer remote access, which critics describe as a backdoor, based on information published by Tech Radar.

Source: Tech Radar

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds