How Hackers Can Take Over Your $5,000 Lawn-Mowing Robot From Anywhere in the World

Security researchers have found serious flaws in Yarbo's autonomous lawn mowers that let hackers control the machines remotely. These 200-pound robots have spinning blades, and once a hacker gains access, they can also steal your Wi-Fi password, home address, and personal email address.

The Same Password on Every Robot

Yarbo's lawn mowers all come with the same master password built into the software. Think of it like every front door lock in a neighborhood having an identical master key. Once a hacker figures out that password, they can control any Yarbo robot in the world, no matter where the homeowner lives.

Security researcher Makris showed how serious this is by taking over a Yarbo mower from nearly 6,000 miles away. The hackers can see live video from the robot's camera, pull out your Wi-Fi passwords, and find out exactly where your home is located.

Yarbo originally said the remote controls for these robots couldn't be accessed from outside. That turned out to be false. The controls were accessible to anyone who knew how to look.

When a Robot Becomes a Physical Danger

During a public test, a reporter and security researcher hijacked a Yarbo mower to show how dangerous this could be. The robot nearly ran over the journalist during the demonstration. A 200-pound machine with spinning blades that you can't control is genuinely hazardous.

The problem goes deeper than just one machine. Once hackers break into your mower, they can use it as a way to reach into your home network and find other devices — like your computer or security system. They could also force thousands of hacked mowers to work together to attack websites or steal data on a massive scale.

This Problem Keeps Happening in Robot Technology

Yarbo is not alone. Similar weaknesses have been found in other robotic lawn mowers, including models made by Hookii and ECOVACS.

With ECOVACS mowers, researchers found that the anti-theft PIN code is stored in plain text on the machine — essentially like writing your house key number on the device itself. If someone steals the mower, they can just read off the code and disable the security feature. ECOVACS initially told the public these flaws were too obscure for real-world attacks, and that hackers would need special tools and physical access. But researchers showed that hackers could actually break in remotely using wireless signals, with no special equipment needed.

One major manufacturer handles this differently. John Deere runs an entire department focused on digital security and hires college students specifically trained in cybersecurity. That company has been protecting connected farm equipment in critical situations for years, and it shows in how they approach security from the start rather than fixing it afterward.

The cycle here feels familiar after decades of watching technology evolve. A new consumer gadget launches, it gets connected to the internet without enough security built in, and only after the hack becomes public does the company scramble to fix it. What has changed is how fast the hacks happen now — what used to take months to discover might now take hours using AI tools to find weaknesses automatically.

What This Means for Your Home

These flaws in Yarbo mowers point to a bigger problem with how consumer robots are designed. The decision to use the same password on every unit shows the company prioritized getting the product to market quickly over building solid security foundations.

If you own a compromised mower, the immediate risk is physical — a hacked 200-pound blade-equipped machine you cannot control. Beyond that, your Wi-Fi password has likely been stolen, which means any device that uses that same password is now at risk. You would need to change your network password and check whether other devices were using it.

The broader reality here is that robot technology is moving into homes faster than the companies making it are thinking through security. When a software mistake can translate into a machine you cannot stop, traditional approaches — waiting for a security update after a problem is found — are no longer good enough. These are not just inconvenient problems; they can cause real physical harm.