{"id":52980,"date":"2026-05-11T09:36:27","date_gmt":"2026-05-11T09:36:27","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=52980"},"modified":"2026-05-11T09:36:27","modified_gmt":"2026-05-11T09:36:27","slug":"yarbo-responds-to-robot-flaws-that-could-mow-down-their-owners","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=52980","title":{"rendered":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-11T14:05:08&#8243;,&#8221;description&#8221;:&#8221;A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.\\n\\nSecurity researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of \u201clegacy\u201d design choices: every robot shared the same hardcoded root password, remote tunnels were left open, and Message Queuing Telemetry Transport (MQTT) messaging was so weakly protected that once you had one device, you effectively had the worldwide fleet.\\n\\nAn attacker could pull GPS coordinates, email addresses, and Wi\u2011Fi passwords, turn cameras into remote spying tools, and even re\u2011arm the mower after someone hit the emergency stop. \\n\\nAll of this was enabled by a persistent backdoor tunnel that users could neither see nor meaningfully control. 
The risks fell into three very different buckets:\\n\\n  * A heavy mower with remotely controllable blades and an emergency stop that can be bypassed is a real-world safety hazard.\\n  * Exposed telemetry meant attackers could map where devices were, see who owned them, and in some reports even view camera feeds.\\n  * Network abuse through shared root credentials meant compromised robots could scan local networks, steal more data, or be folded into a botnet.\\n\\n\\n\\nYarbo\u2019s public response is unusually detailed for a consumer Internet of Things (IoT) vendor. It\u2019s also refreshingly blunt in admitting that the researcher\u2019s core findings were accurate. The company temporarily disabled the remote diagnostic tunnels, reset root passwords, locked down unauthenticated endpoints, and began ripping out unnecessary legacy access paths.\\n\\nMore importantly, Yarbo promises structural changes:\\n\\n  * Unique per\u2011device credentials.\\n  * Over-the-Air (OTA) credential rotation.\\n  * Audited, allowlist\u2011based remote diagnostics.\\n  * Dedicated security contact, with a possible bug bounty to follow.\\n\\n\\n\\nThat is the sort of long\u2011term security hygiene we rarely see spelled out this clearly after an IoT fiasco.\\n\\nFrom a disclosure and remediation standpoint, Yarbo is doing many things right: crediting the researcher, apologizing, prioritizing fixes, and explaining both short\u2011term patches and long\u2011term architectural changes in human language. 
For buyers of connected devices with blades, that level of transparency is a positive precedent.\\n\\nBut Yarbo has explicitly chosen to keep a remote access tunnel, albeit one wrapped in better controls and logs, instead of offering users the option to remove or fully opt out of it.\\n\\n## How to secure IoT devices\\n\\nThe vulnerabilities uncovered in the Yarbo case present an almost live-action demo of what the IoT Cybersecurity Improvement Act is trying to prevent in US government deployments. While the Act doesn\u2019t apply to Yarbo directly, its National Institute of Standards and Technology (NIST)-driven requirements map neatly onto what went wrong here.\\n\\nSo, it\u2019s still up to users to make sure you:\\n\\n  * Change the default credentials.\\n  * Check if the vendor will make updates available and how easy it is to install them before buying an IoT product. And then install the updates when available.\\n  * If you can, put your IoT devices on a separate network. Use a guest Wi\u2011Fi or separate VLAN when available.\\n  * Disable what you don&#8217;t need. Turn off UPnP, remote access, cloud control, and unnecessary services if you&#8217;re not actively using them.\\n  * If your router or security suite logs connections from IoT devices, skim those logs for odd spikes or unknown destinations.&#8221;,&#8221;published&#8221;:&#8221;2026-05-11T13:21:57&#8243;,&#8221;modified&#8221;:&#8221;2026-05-11T13:21:57&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;Yarbo responds to robot flaws that could mow down their owners&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:49B29ABA09490928A167FF4332A523FA&#8221;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/w
ww.malwarebytes.com\/blog\/news\/2026\/05\/yarbo-responds-to-robot-flaws-that-could-mow-down-their-owners&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-11T14:05:08&#8243;,&#8221;description&#8221;:&#8221;A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.\\n\\nSecurity researcher Andreas&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-52980","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=52980\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Yarbo responds to robot flaws that could mow down their 
owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-05-11T14:05:08&#8243;,&#8221;description&#8221;:&#8221;A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.nnSecurity researcher Andreas...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=52980\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-11T09:36:27+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Yarbo responds to robot flaws that could mow down their 
owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA\",\"datePublished\":\"2026-05-11T09:36:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980\"},\"wordCount\":760,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52980#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980\",\"name\":\"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-11T09:36:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52980\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52980#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=52980","og_locale":"en_US","og_type":"article","og_title":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2026-05-11T14:05:08&#8243;,&#8221;description&#8221;:&#8221;A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords.nnSecurity researcher Andreas...","og_url":"https:\/\/zero.redgem.net\/?p=52980","og_site_name":"zero redgem","article_published_time":"2026-05-11T09:36:27+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=52980#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=52980"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA","datePublished":"2026-05-11T09:36:27+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=52980"},"wordCount":760,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=52980#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=52980","url":"https:\/\/zero.redgem.net\/?p=52980","name":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-11T09:36:27+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=52980#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=52980"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=52980#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Yarbo responds to robot flaws that could mow down their owners_MALWAREBYTES:49B29ABA09490928A167FF4332A523FA"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52980"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52980\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}