Yarbo issues security update and apology for robot mower vulnerabilities
Following a report by security researcher Andreas Makris, Yarbo has temporarily cut off remote access to its devices and apologised for flaws that exposed user data.

Robot lawn mower manufacturer Yarbo has issued a detailed 1,200-word statement confirming serious security vulnerabilities in its devices following a report by security researcher Andreas Makris. The company has apologised for the flaws, which include identical root passwords across all devices and unauthorised remote backdoors that exposed user data such as GPS coordinates, Wi-Fi credentials, and email addresses.
In response to the findings, Yarbo states it has temporarily cut off remote access to all affected units. The company is rolling out a security firmware update expected within one week to address the immediate risks. Users will need to connect their devices to the internet to apply the patch, though Yarbo notes that keeping a device offline during this period will not affect warranty or service coverage.
While Yarbo promises to implement unique credentials per device and introduce audit logging, it maintains a limited remote backdoor for authorised internal personnel. This decision contradicts previous assurances that such access was fully restricted, sparking questions about why customers cannot opt out of persistent remote tunnels entirely.
The security issues stem from historical design choices in Yarbo's remote-diagnostic, credential-management, and data-handling systems. Yarbo clarified that some reported issues relate to legacy services and dealer-specific configurations rather than current production units, though it is phasing these out as part of its remediation process.
A Yarbo co-founder took personal accountability for the issues and the company's response, acknowledging that the initial reaction did not adequately reflect the seriousness of the situation. The company has initiated direct communication with Makris and established a dedicated security response channel to manage future vulnerability reports.
Looking ahead, Yarbo is exploring the launch of a formal bug bounty program to encourage responsible disclosure from the independent security community. The goal is to ensure that security, transparency, and user trust are built into the foundation of future Yarbo systems and services.


