Security researcher Andreas Makris remotely compromised a Yarbo robot lawn mower to expose critical vulnerabilities in the device's safety systems.
Makris demonstrated the exploit by taking control of the 200-pound autonomous mower from across the planet, commanding it to move toward a person lying in its path. The hack revealed that the device lacks adequate safeguards to prevent remote manipulation, even by operators with no physical access to emergency controls.
The attack exposes a significant gap in IoT device security. Robot lawn mowers increasingly connect to cloud services and mobile apps, but manufacturers often prioritize convenience over safety isolation. Yarbo's system allowed unauthenticated remote access without requiring verification of operator location or intent.
The vulnerability could allow attackers to disable safety features, override emergency stops, or activate cutting mechanisms unexpectedly. This proof-of-concept raises questions about security standards across the consumer robotics industry.
Makris' demonstration underscores growing risks in connected home devices. As more autonomous equipment enters households, manufacturers must implement cryptographic authentication, geofencing, and hardwired safety overrides that cannot be disabled remotely.
The FBI has taken control of websites operated by Alarum Technologies Ltd., marking a significant enforcement action against the proxy network industry. The move signals increased federal scrutiny of services that mask user identities online.
xAI, owned by Elon Musk, is suing a South Carolina man who allegedly used the Grok AI chatbot to generate child sexual abuse material (CSAM). Terry Wayne Harwood faces eight felony charges after his arrest in February.
Meta has issued conflicting statements about NameTag, a face recognition system reported by WIRED. Company executives have offered unclear remarks on whether the technology actually exists.
Zoom has disclosed a critical vulnerability affecting its Windows desktop client and SDK that allows unauthenticated attackers to hijack user accounts. The company has released patches to address the security issue.