Yarbo Backtracks: Robot Lawn Mower Maker Pledges to Remove Intentional Backdoor After Global Hijack Vulnerability Exposed

Yarbo, the company behind a robot lawn mower that security researchers found could be hijacked from anywhere in the world, has committed to completely removing the intentional backdoor access that created the vulnerability. The reversal comes after Andreas Makris, a security researcher, demonstrated how malicious actors could easily reprogram the autonomous machines over the internet—accessing sensitive data in the process.

The flaw exposed far more than just remote control of a consumer device. According to findings published by The Verge, the vulnerability allowed attackers to retrieve user email addresses and real-time GPS coordinates of every affected unit. The backdoor was embedded during manufacturing, raising questions about why such access existed in the first place and what safeguards should govern connected outdoor machinery.

Co-founder Kenneth Kohlmann told The Verge that customers will now have the option to decline installation of the remote access feature entirely. Yarbo had previously announced plans to address security gaps on Friday, but the latest commitment represents a more complete capitulation to researcher demands. The incident underscores growing scrutiny of internet-connected hardware, particularly devices operating autonomously in residential environments where location data and personal information remain at stake.