Yarbo responds to robot flaws that could mow down their owners
ID: fd032ce2-7df9-542a-b601-ec01889ef196
STIX ID: report--fd032ce2-7df9-542a-b601-ec01889ef196
Feed Name: Malwarebytes Blog
A security researcher demonstrated that Yarbo robotic lawn mowers worldwide were vulnerable to remote takeover due to legacy design flaws—shared hardcoded root credentials, persistent remote diagnostic tunnels, and weak MQTT messaging—allowing extraction of GPS, Wi‑Fi credentials, camera access, and bypass of emergency stops. Yarbo acknowledged the findings, temporarily disabled tunnels, reset credentials, locked down endpoints, and committed to per‑device credentials, OTA rotation, audited allowlist diagnostics, and a security contact.
