Yarbo robot mower security issues may put 6,000 owners at risk of hacking

May 23, 2026

Concerns About Security in Robotic Lawn Mowers

Robotic lawn mowers promise to simplify yard work—mowing the grass, saving time, and generally taking care of a task that many find tedious. However, a new security report has unveiled some troubling issues that go beyond just cutting grass.

According to security researcher Andreas Makris, Yerbo’s robotic products—like their autonomous lawn mowers and snow blowers—have significant vulnerabilities that could allow unauthorized remote access, live camera feeds, and even theft of Wi-Fi credentials. Approximately 6,000 of these devices are affected.

Yarbo has acknowledged these findings through its Security Center, admitting that the report accurately highlighted technical flaws and revealing that they have started implementing a fix. However, this raises serious questions about how much access smart devices should have to our home networks.

Potential Risks of Yarbo Robots

Makris elaborated that Yarbo robots are set up with a persistent remote access feature that allows connectivity via the Internet. The report notes that these robots utilize a hard-coded root password common across the entire fleet and a unique serial number for remote access. Such “root” access is concerning because it provides elevated control over the device. The remote tunnel connections apparently operate automatically, which raises even more red flags for users—especially since there might not be an easy way to disable them from the application.

Why Smart Devices Might Compromise Your Network

Smart gadgets typically need Internet access for functionality, updates, and customer support. But Makris argues that with Yarbo’s configuration, remote access seems to be always on, rather than only functioning when explicitly requested. A knowledgeable hacker could potentially reach the robot remotely and compromise its internal systems, making it a gateway into the home network. So even though a robotic mower might seem innocent as it glides across your lawn, it’s important to remember that it’s connected to Wi-Fi and could be equipped with a camera, putting your privacy at risk.

Privacy Concerns with Automatic Camera Feeds

The report further warns that Yarbo robots may have multiple camera feeds. If someone were to gain root access, there’s a risk they could see the surroundings of the robot—including driveways and backyards—where your family may spend time. This concern isn’t just a minor detail; outdoor cameras often warrant the same privacy considerations as indoor setups.

How Wi-Fi Credentials Can Be Compromised

The dangers extend to Wi-Fi security as well. If an attacker gains root access, they might retrieve saved Wi-Fi credentials from the robot. This is serious because many households operate multiple devices on a single network. If an intruder obtains your Wi-Fi password, they could potentially access other connected devices, creating vulnerabilities you never considered.

Yarbo’s Response

After the report’s release, Yarbo responded by admitting to significant vulnerabilities related to various systems. Co-founder Kenneth Coleman acknowledged that the initial response did not reflect the grave nature of the problems. Yarbo attributed these issues largely to past design decisions, indicating that their legacy tools fail to offer adequate visibility and control over security.

What Fixes Have Been Implemented?

Yarbo claims they have made several corrective actions since the report surfaced. They’ve reportedly eliminated shared root credentials and disabled certain remote access pathways. The updated Yarbo app now excludes static credentials that could potentially allow direct backend access. However, they also warn that more work remains, aiming to provide individually scoped credentials for each device.

Data Connection Privacy Issues

The report implicates Yarbo’s parent company and other affiliates in questionable data practices. Some telemetry data may be sent to external platforms, and certain aspects of how the robots connect could compromise user privacy.

Steps for Owners to Protect Themselves

If you have a Yarbo robot, consider treating it like any other connected device that has access to your home network. Yarbo states that security updates will be automatically pushed to devices; thus, owners should keep the robots connected for adequate periods. It may also be wise to switch to a guest network for these devices.

Here Are Some Practical Tips:

1) Use a Guest Network: Avoid connecting the robot to your main Wi-Fi network. If possible, set it up on a guest network.
2) Update Your Wi-Fi Password: If it’s connected to your main Wi-Fi, consider changing the password to something secure.
3) Check for Unknown Devices: Regularly check your router for unrecognized devices and remove any that you don’t recognize.
4) Limit Robot Access: Some routers allow you to isolate guest devices from others. Enable this feature if available.
5) Ask Specific Questions: Reach out to Yarbo to inquire about what remote access remains and whether individual credentials exist.
6) Stay Updated: Make sure your robot is up-to-date with the latest security measures.

In closing, Yarbo’s report serves as a cautionary tale about the hidden risks that can accompany convenience. While robotic mowers appear to be handy tools for yard maintenance, they come with concerns about control and security that every owner should consider seriously. It’s essential to understand who has access to your devices and how they can impact your home network. If you have concerns about security, it might be time to make some adjustments and ask the right questions before investing in smart yard tech.