Remote Hacker Gains Control of Yarbo Robot Lawn Mower from 6,000 Miles Away in Security Demo

A security researcher remotely hijacked a Yarbo robot lawn mower and brought its 200-pound frame to a controlled stop just as it began climbing a reporter's chest, demonstrating critical security vulnerabilities in the device. Andreas Makris, operating from the other side of the planet, exploited those flaws to seize full control of the mower while the reporter lay in its path—a calculated risk to illustrate exactly how far the attack could be pushed. The demonstration raises urgent questions about the security standards of consumer-grade autonomous outdoor equipment.

The vulnerability disclosure centers on weaknesses in Yarbo's remote connectivity infrastructure, which allowed Makris to bypass authentication mechanisms and issue commands to the mower without physical access. The researcher identified the flaws as part of a broader audit of internet-connected outdoor machinery. Yarbo, which manufactures robot lawn mowers with various attachment capabilities, has not yet issued a public statement addressing whether patches are in development or whether affected units span multiple markets. The distance involved—roughly 6,000 miles between operator and device—underscores how exposed these systems remain to exploitation by actors with moderate technical resources.

The incident adds to mounting scrutiny of IoT device manufacturers whose products operate in physical environments near people. Unlike compromised smart speakers or thermostats, a robot mower with functional blades presents direct physical risk when remote access falls into unauthorized hands. Security researchers have long warned that the convenience of app-controlled outdoor equipment has outpaced basic security hygiene. Makris's demonstration, conducted under controlled conditions with kill switches available, stops short of revealing full technical details but signals that the underlying architecture lacks adequate access controls. Industry observers are watching for whether Yarbo responds with a firmware update or recall, and whether regulators will treat this as a case warranting mandatory vulnerability disclosure timelines.