Yarbo backdoor – Yarbo says it will switch its remote backdoor on robot lawn mowers to an opt-in feature, while rolling out stronger security fixes.
A robot lawn mower that can be remotely controlled over the internet is exactly the kind of risk that makes backyard technology feel suddenly. and uncomfortably. like software with sharp edges.. Yarbo. the company behind a robot lawn mower that has already drawn scrutiny after it was reported to be hackable. says it will now remove the intentional remote access “backdoor” by default.
In its latest commitment. Yarbo plans to completely remove the remote backdoor capability that could allow bad actors to reprogram the robotic mower over the internet.. Instead of leaving the door open. the company says it will make the feature optional. with customers able to decide whether it even gets installed in the first place. co-founder Kenneth Kohlmann said.
That shift comes after Yarbo previously promised to address multiple security weaknesses. including fixes designed to close the gaps that a security researcher. Andreas Makris. said he could exploit from far away to hijack bladed robots.. The earlier security response also involved addressing privacy exposure that included leaking email addresses and GPS locations.
The most sensitive issue was the remote backdoor itself.. When Yarbo was asked about how the company would handle that capability. it initially argued that it would keep a remote path open for “authorized internal company personnel” to troubleshoot devices.. The rationale. at the time. was that remote diagnostic help could resolve safety. connectivity. and service issues more quickly. particularly when physical inspection is impractical.. Yarbo suggested it might later allow customers to opt out. but the default approach was not fully turned into a user-controlled setting.
By Monday, however, the position had changed.. Kohlmann said Yarbo will move to an opt-in model where there should be no remote backdoor unless the user chooses to install the capability for remote help.. He framed the goal as eliminating persistent remote access from the baseline configuration. rather than relying on “more protections” around a feature that still exists.
The company acknowledges that removing the tunnel is not instantaneous.. Kohlmann warned that the files required to install a new version may technically remain on each robot’s internal storage.. His description is that a setup script could sit on the device and do nothing unless the user triggers it.. If the user does trigger it. Yarbo says the system would install a temporary one-time tunnel instead of leaving a continuous remote access pathway.
Kohlmann also suggested an escalation path for troubleshooting.. In practical terms, he indicated that customers would likely try sending logs to Yarbo technical support first.. If those logs don’t solve the issue. users would have the option to install the remote access feature as well. rather than enabling it by default.
Because Yarbo has been actively locking down its robots following the earlier coverage. it may be difficult to know immediately whether the company’s plan will fully be reflected in what’s visible on a device.. Still. Kohlmann said the company is moving toward stronger account and device authentication basics. including giving each mower a unique root password that Yarbo would not share with end users.
On the firmware side. Yarbo says updates have already been rolled out to the first 1. 000 machines. with additional waves planned for more robots.. This matters because the changes around remote access. password handling. and update cadence all intersect; even if a backdoor is intended to be removed or disabled by default. other authentication and firmware safeguards determine how reliably a device can be protected over time.
Crucially. the company says it is in contact with Makris and that it’s possible the researcher will be able to validate the changes.. That sets the stage for an external check of whether the remote access pathway has truly been eliminated from the default setup and whether the new opt-in mechanism behaves as promised.
robot lawn mower security Yarbo backdoor IoT cybersecurity remote access risk firmware updates opt-in remote diagnostics