Yarbo Robot Lawn Mowers Have Security Flaws That Could Let Strangers Control Your Device

CISA (the Cybersecurity and Infrastructure Security Agency) has issued a warning about security vulnerabilities in Yarbo robotic lawn mowers and snow blowers. The Yarbo system includes a mobile app for Android and iPhone, as well as cloud infrastructure that connects to the robots. The vulnerabilities could allow an attacker to obtain hard coded credentials (built in passwords), gain access to information about how your robot operates, and potentially send commands to control the robot. All versions of the Yarbo mobile app and cloud system are affected. This affects anyone who owns a Yarbo robotic lawn mower or snow blower and uses the mobile app to control it.

If you have a Yarbo device, a hacker could potentially access data about when your robot runs, view information about your property, or even send commands to your device.

While the immediate physical danger is likely low, the idea that someone could remotely control a robot on your property or learn your lawn care schedule (which reveals when you might be away from home) is concerning.

If you own a Yarbo device, take these steps now. First, disconnect your Yarbo robot from your Wi Fi network and stop using the mobile app until the company releases a security update. You can still operate the device manually if it has that option. Second, check the Yarbo website and app store for updates. Install any security updates immediately when they become available. Third, change the password on your Yarbo account. Fourth, review your home Wi Fi security by ensuring you have a strong, unique password on your router and are using WPA3 or WPA2 encryption. This situation highlights an important lesson about smart home devices and internet connected robots. Before buying internet connected devices for your home or yard, research the company's security track record. Choose products from established manufacturers who regularly release security updates. Keep all smart device apps updated. Consider creating a separate Wi Fi network for your smart home devices, isolated from the network your computers and phones use. This way, if one device is compromised, hackers cannot easily access your personal computers and data.