Dangerous robots: German researchers reveal 11,000 robot lawn mowers around the world could be hacked and controlled World News

A German security researcher has revealed a series of critical vulnerabilities in Yarbo’s connected robotic lawn mowers, showing that the machines can be remotely accessed and controlled from anywhere in the world. In a live demonstration reported by The Verge, Andreas Makris was able to drive a Yarbo unit nearly 6,000 miles away, with the reporter even lying in the path of the lawnmower to show how dangerous the flaw could be. The investigation said the issue, which affects more than 11,000 devices worldwide, raises not only privacy concerns but also personal safety concerns as the robots carry rotating blades and can operate autonomously in people’s yards.

How hackers remotely controlled thousands of robotic lawn mowers

Makris’ findings focused on a series of weaknesses in Yarbo’s remote diagnostics, credential management and data processing systems. Researchers found that the bots shared the same hard-coded root password, and the firmware also contained a backdoor that could be used for remote access. According to reports, these devices can spin blades, probe home networks, and potentially integrate into botnets.The risks are not limited to digital access. Makris was reportedly able to obtain homeowners’ email addresses, Wi-Fi passwords and the precise GPS coordinates of their homes from the system, while also gaining access to camera information. This means that a damaged lawnmower can become both a surveillance device and a physical hazard. A live demonstration showed a remotely controlled robot moving toward reporters, highlighting how ordinary yard machines can become dangerous if security holes are exploited.

Exposure scale

Makris is reportedly tracking more than 11,000 Yarbo devices around the world, with about 5,400 of them spread across the United States and Europe at the time of the demonstration. The report also noted that the company sells modular yard robots capable of being used as lawn mowers, leaf blowers, snow blowers, trimmers or edgers, all powered by the same core machine. This architecture means that these vulnerabilities may affect multiple products in the Yarbo product line.

CVE explains technical risks

The disclosure is supported by multiple officially tracked security vulnerabilities. According to the National Vulnerability Database, a flaw involves a hidden backdoor within the Yarbo firmware that could allow remote access to the robot without proper authentication. Researchers say the backdoor cannot be disabled through normal user settings and will remain active even after a factory reset or software update.Another vulnerability involves the lawnmower’s MQTT communication system, which reportedly allows anonymous connections without appropriate security restrictions. In short, someone on the same network could intercept sensitive data or send commands directly to the bot.A separate security advisory also revealed that Yarbo devices reportedly use the same built-in administrator username and password on all computers. Users cannot permanently change or delete these credentials, meaning anyone who discovers them could potentially gain deep access to the lawnmower’s internal systems and remote management controls, the researchers said.

How Yabo responded

Yabo later acknowledged the issue in an official update and said the core technology findings were accurate. The company said it has temporarily cut off remote access and is taking remedial measures, including tightening access controls, improving authentication, increasing user visibility of remote diagnostic capabilities, and reducing unnecessary legacy support mechanisms. A follow-up report from The Verge said Yarbo had also apologized and set up a dedicated security response center.

What users of connected devices should get out of it

The incident demonstrates why owners should be wary of devices that rely on cloud access and remote diagnostics. For robotic lawn mowers and other IoT products, the safest approach is to keep firmware updated, check remote access settings, isolate devices on separate home networks when possible, and pay attention to vendor security disclosures. In Yarbo’s case, the official response suggested some remediation was underway, but the disclosure itself showed how convenience can quickly turn into exposure when security measures come too late.