Autonomous lawnmowers equipped with sharp blades and connected to the internet pose serious security risks if left vulnerable to hackers. Reporter Sean Hollister of The Verge experienced this firsthand when a hacker took control of his Yarbo robot lawnmower.
Hollister described the terrifying ordeal in a recent article:
“I’m lying in the dirt. It’s coming for me. Then, with a lurch, it’s climbing up my chest. If Andreas Makris doesn’t stop the 200-pound robot lawn mower in time, it could drag its blades across my body.”
Fortunately, Hollister was unharmed. Makris, a white hat hacker based in Germany, remotely accessed the robot to highlight a critical security flaw. He explained:
“I can do whatever I want with all the bots. It’s completely unsecured.”
Makris discovered that Yarbo robots shared the same root password, making it possible for a black hat hacker to seize control of thousands of devices globally. He created a map showing the locations of over 11,000 Yarbo robots worldwide, revealing a potential global security threat.
The risks extend beyond physical harm. Makris demonstrated that he could access:
- Robot owners’ email addresses
- Wi-Fi passwords
- GPS coordinates of their homes
Even changing the root password wouldn’t fully protect users, as Yarbo’s firmware updates reset the password to the default. Makris also found that Yarbo intentionally included a backdoor for remote access, which cannot be disabled by owners.
“It is deployed automatically to every robot, cannot be disabled by the owner, and is actively restored if removed,” Makris told The Verge.
After Yarbo ignored his warnings, Makris published his findings. The company responded by insisting that
“your Yarbo remains completely secure and under your exclusive control.”
Hollister decided to test the security flaw firsthand by lying under the robot lawnmower. He wrote:
“As the first hundred pounds of metal, plastic, and far-too-hackable computer pin my body to the ground — and Makris eventually, thankfully, backs off — I realize this science experiment wasn’t quite as safe as I thought.”