
A German security expert found a shock flaw in Yarbo smart lawn mowers. Hackers can easily take full control of all active mowers worldwide. This raises big fears about the safety of internet-connected home devices.
Security researcher Andreas Mackris found he could control the lawn mowers. These robots weigh over 90kg. They have cameras, Wi-Fi, and 4G. They also have sharp blades that can cause serious harm.
One Password For All Devices
The main problem, the study shows, is that all Yarbo devices use one 'Root' password. This gives full system access. So, hacking one device opens the door to controlling all devices globally. This was reported by 'slashgear' and seen by 'Al-Arabiya Business'.
Worse, users cannot permanently change this password. It always resets to the default after each system update.
Sensitive Data for Hackers
Once they access the system, hackers can see very sensitive info. This includes:
- User GPS locations.
- Wi-Fi passwords.
- Email addresses.
- Videos from built-in cameras.
Hackers could also use the devices in 'Botnet' networks. They can launch cyber attacks or do illegal things using the victim's internet.
Shock After Company Ignored Warnings
The security researcher contacted the company following the rules for reporting flaws. But the company's response was shocking. They said the shared access was a design choice. It was meant to help with technical support and maintenance.
After ignoring the risks, the researcher shared the details with tech media. They confirmed the hacks themselves.
Devices Near Sensitive Sites
The investigation also found the researcher located some devices near sensitive sites. One was near an important power plant. One user works as a security analyst in the nuclear power sector.
The researcher also found that some device data goes to servers linked to ByteDance. ByteDance owns the 'TikTok' app. Yarbo says it is a New York-based company. But investigations suggest its operations are run from Shenzhen, China.
Company Fixed Only Part of the Problem
The company released updates to fix some app flaws. But the more serious issues with the devices' internal systems are still not fixed.
This incident again highlights the growing security risks of smart, connected devices. This is especially true for those with dangerous mechanical abilities, like robots with sharp blades.
Cybersecurity experts think any device on the home network can become a dangerous entry point. This happens if companies do not follow strict safety rules. Users need to be careful before bringing such devices into their homes.