iToverDose / Technology · 7 MAY 2026 · 17:36

Security flaw turns robot lawn mowers into remote-controlled hazards

A security researcher demonstrated how a hacker could hijack a Yarbo lawn mower, turning it into a dangerous remote-controlled machine. The flaw exposed users to physical risks and unauthorized access.

The Verge · 3 min read

Security researchers often uncover hidden dangers in everyday devices, but few discoveries hit as close to home as the recent remote hijacking of a Yarbo robot lawn mower. In a dramatic live demonstration, Andreas Makris, a cybersecurity expert, took control of a 200-pound autonomous mower from nearly 6,000 miles away. His goal wasn’t mischief—it was exposing critical security flaws that could transform these smart yard tools into unexpected hazards.

The scene was tense. A journalist lay in the mower’s path as Makris remotely activated the machine, sending it crawling toward its target at full speed. Only quick reflexes prevented the blades from making contact with the person lying on the ground. This wasn’t an isolated test—it was proof of how easily an attacker could weaponize a seemingly harmless household appliance.

How a simple connection exposed the mower’s vulnerabilities

Makris’s investigation began with a routine scan of Yarbo’s robot lawn mowers. What he found was alarming: an unsecured MQTT protocol used for device communication, combined with weak authentication mechanisms. MQTT is a lightweight messaging protocol commonly used in IoT devices, but when improperly secured, it becomes a gateway for unauthorized access.
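For owners who capture traffic from their own device, the check below shows what "improperly secured" MQTT looks like on the wire: it parses the first client packet of a session and reports whether it was sent outside TLS and whether it carried credentials. This is an added example, not code from Makris or Yarbo; the packet bytes and the names `mower-01`, `user` and `pass` are constructed and do not reflect Yarbo's actual traffic.

```python
# Added example: audit the first client packet of a captured MQTT session.
# Sample packets below are constructed; "mower-01", "user", "pass" are made up.

def _remaining_length(buf: bytes, pos: int):
    """Decode MQTT's variable-length 'remaining length' (1 to 4 bytes)."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining-length field longer than 4 bytes")

def audit_connect(packet: bytes) -> dict:
    """Report which protections a plaintext MQTT CONNECT packet lacks."""
    # 0x10 = CONNECT with reserved flag bits zero. A TLS session starts with
    # a handshake record (0x16) instead, so it is rejected here.
    if not packet or packet[0] != 0x10:
        raise ValueError("not a plaintext MQTT CONNECT packet")
    remaining, pos = _remaining_length(packet, 1)
    body = packet[pos:pos + remaining]
    if len(body) < remaining or len(body) < 2:
        raise ValueError("truncated CONNECT packet")
    name_len = int.from_bytes(body[:2], "big")
    if len(body) < name_len + 4:
        raise ValueError("truncated variable header")
    name = body[2:2 + name_len].decode("ascii", "replace")
    if name not in ("MQTT", "MQIsdp"):  # 3.1.1/5.0 and legacy 3.1 names
        raise ValueError("unknown protocol name")
    level, flags = body[2 + name_len], body[3 + name_len]
    has_user, has_pass = bool(flags & 0x80), bool(flags & 0x40)
    findings = ["CONNECT readable on the wire: session is not inside TLS"]
    if not has_user:
        findings.append("client sent no username: anonymous connection attempt")
    elif not has_pass:
        findings.append("username sent without a password")
    else:
        findings.append("username and password sent in cleartext")
    return {"protocol": name, "level": level, "username": has_user,
            "password": has_pass, "findings": findings}

# Constructed MQTT 3.1.1 CONNECT packets (hex = header fields, then payload).
ANON = bytes.fromhex("10 14 00 04 4d 51 54 54 04 02 00 3c 00 08") + b"mower-01"
AUTH = (bytes.fromhex("10 20 00 04 4d 51 54 54 04 c2 00 3c 00 08") + b"mower-01"
        + b"\x00\x04user" + b"\x00\x04pass")

if __name__ == "__main__":
    for label, pkt in (("anonymous", ANON), ("with credentials", AUTH)):
        print(label, audit_connect(pkt)["findings"])
```

A session that fails to parse because it begins with a TLS handshake is the good outcome: the CONNECT packet and any credentials in it are then not visible to an observer on the network.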

The security gaps were not subtle. The mower’s camera feed was accessible without encryption, allowing anyone to view live footage remotely. Worse, the emergency stop mechanism could be disabled via the same unprotected connection, leaving users powerless to halt the machine once it was commandeered. Makris discovered that by exploiting these flaws, an attacker could:

  • Gain full control over the mower’s movement and blade operation
  • Access live video feeds from the device’s onboard camera
  • Disable emergency stop features, rendering the mower unstoppable
  • Potentially pivot to other connected devices on the same network

The implications extend beyond lawn care. If a robot lawn mower can be hijacked, similar vulnerabilities likely exist in other consumer IoT devices—smart home systems, robotic vacuums, or even agricultural machinery. Yarbo’s oversight highlights a broader issue in the IoT ecosystem: manufacturers prioritizing convenience over security, leaving users exposed to real-world risks.

Yarbo responds with firmware updates, but risks remain

Following Makris’s disclosure, Yarbo released emergency firmware patches to address the identified flaws. The company confirmed that the vulnerabilities affected multiple models and urged users to update their devices immediately. In a statement, Yarbo emphasized its commitment to safety and claimed the issues were resolved in subsequent software versions.

Yet security researchers caution that these fixes may not be enough. Firmware updates can patch known vulnerabilities, but they don’t address deeper design flaws—like the use of unencrypted protocols or inadequate access controls. For users, the lesson is clear: even after updates, smart devices remain potential attack vectors. Regular security audits and network segmentation are critical to mitigating risks.

The incident also raises questions about industry accountability. Yarbo is not alone in overlooking IoT security; many manufacturers rush products to market without rigorous testing. Regulatory bodies and consumer advocacy groups are increasingly calling for mandatory security standards for connected devices. Until those measures are in place, incidents like Makris’s demonstration will likely become more frequent.

What users can do to protect themselves today

While manufacturers work to close security gaps, users don’t have to wait for perfect solutions. Simple steps can reduce exposure to similar risks:

  • Immediately install firmware updates from trusted sources
  • Disable unnecessary remote access features on IoT devices
  • Use strong, unique passwords for device accounts and Wi-Fi networks
  • Segment IoT devices on a separate network from primary computing devices
  • Monitor device behavior for unusual activity, such as unexpected movements or unexplained connections

The rise of autonomous yard tools reflects a broader trend toward smart home automation. Yet convenience should never come at the cost of safety. As Makris’s demonstration proved, what starts as a novelty can quickly become a real danger. The challenge now is ensuring that innovation in robotics is matched by equal advancements in security—before the next hack turns a helpful machine into a weapon.

AI summary

A robot lawn mower hacked from 6,000 km away exposes the security weaknesses of IoT devices. Details on the vulnerabilities Makris discovered and the precautions that can be taken.
