Yarbo has published a 1,200-word security response confirming that its robot lawn mowers can be hijacked by casual attackers, exposing GPS coordinates, Wi-Fi passwords, and email addresses. The company has already cut off remote access as an emergency measure while it works through a structured remediation plan.
The original report showed how thousands of Yarbo's bladed robots, sold in the US and running on Chinese infrastructure, were trivially vulnerable via an unsecured MQTT broker. A security researcher demonstrated the exploit by remotely driving one of the mowers directly into the reporter. The full disclosure is worth reading not just for the conclusion but for the specific attack surface: open broker access, no authentication, real-time GPS telemetry exposed to anyone who looked.
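The attack surface described above (an MQTT broker reachable without authentication, with every client able to read every topic) maps onto a handful of broker settings. The audit below, added here as an illustration and not code or configuration from Yarbo or from the original report, parses a Mosquitto-style configuration and flags those settings; the directive names are real Mosquitto directives, but the two sample configurations and the certificate and ACL file paths are constructed for the example.

```python
"""Audit a mosquitto.conf-style file for the weaknesses behind an open
MQTT broker: anonymous access, no client authentication, no per-client
authorization, and plaintext listeners.

Added example; not Yarbo's code or configuration. The sample
configurations below are constructed for this illustration."""

from dataclasses import dataclass, field

# Constructed sample: a broker exposed the way the disclosure describes.
WEAK_CONF = """
listener 1883
allow_anonymous true
"""

# Constructed sample: the same broker with the weak settings corrected.
# Paths are assumed; the directives are real Mosquitto directives.
HARDENED_CONF = """
per_listener_settings true
listener 8883
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/broker.crt
keyfile /etc/mosquitto/broker.key
# every client must present a certificate; its CN becomes the username
require_certificate true
use_identity_as_username true
allow_anonymous false
# topic access is restricted per username in this file
acl_file /etc/mosquitto/acl
"""


@dataclass
class Listener:
    port: int
    options: dict = field(default_factory=dict)


def parse_conf(text):
    """Parse `key value` directives. A directive that follows a `listener`
    line is recorded on that listener; earlier ones are global. Only
    whole-line comments are skipped, as in Mosquitto itself."""
    settings, listeners, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            current = Listener(port=int(value.split()[0]))
            listeners.append(current)
        elif current is not None:
            current.options[key] = value
        else:
            settings[key] = value
    return settings, listeners


def audit(text):
    """Return the list of findings; an empty list means none of the
    audited weaknesses is present."""
    settings, listeners = parse_conf(text)
    if not listeners:
        return ["no listener directive: nothing would be exposed, nothing to audit"]

    def opt(listener, key):
        # A directive under the listener overrides the global value, which
        # is how Mosquitto scopes these when per_listener_settings is true.
        return listener.options.get(key, settings.get(key))

    findings = []
    for lst in listeners:
        tag = f"listener {lst.port}"
        if opt(lst, "allow_anonymous") != "false":
            findings.append(f"{tag}: allow_anonymous is not false "
                            "(Mosquitto 1.x defaults to true)")
        has_passwords = opt(lst, "password_file") is not None
        has_cert_auth = (opt(lst, "require_certificate") == "true"
                         and opt(lst, "use_identity_as_username") == "true")
        if not (has_passwords or has_cert_auth):
            findings.append(f"{tag}: no authentication source "
                            "(password_file or client certificates)")
        if opt(lst, "acl_file") is None:
            findings.append(f"{tag}: no acl_file, so any authenticated "
                            "client can read every topic")
        if opt(lst, "certfile") is None or opt(lst, "keyfile") is None:
            findings.append(f"{tag}: no TLS certificate, traffic is plaintext")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit(conf) or ['no findings']}")
```

The weak sample produces four findings (anonymous access, no authentication source, no ACL file, no TLS) and the hardened sample produces none. The ACL file itself is what keeps one mower's telemetry from being readable by another client: a per-device `pattern` rule such as `pattern readwrite devices/%u/#` limits each certificate identity to its own topic subtree.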
Yarbo's response is unusually detailed for a consumer robotics company caught this flat-footed, which makes it worth reading in full. The key question now is whether the fix holds and whether the underlying architecture, a cloud-dependent Chinese platform controlling physical bladed hardware in American yards, gets the structural rethink it needs.