TL;DR
Yarbo has committed to removing the persistent remote backdoor from its robot lawn mowers, making remote access an optional feature. The company aims to improve security following concerns raised by a security researcher. The change is still in progress, with implementation details to be finalized.
Yarbo has announced it will remove the default remote backdoor from its robot lawn mowers, allowing users to opt-in if they require remote troubleshooting. This move follows security concerns raised about the vulnerability allowing hijacking of the devices.
Yarbo initially kept a remote backdoor in its robot lawn mowers for authorized internal troubleshooting, but security researcher Andreas Makris demonstrated that this vulnerability could be exploited remotely, exposing devices to hijacking and data leaks. After discussions with Makris and internal review, Yarbo has committed to making the backdoor an optional feature rather than a default setting.
Co-founder Kenneth Kohlmann told The Verge that the company plans to implement a setup process where users can choose whether to enable remote access. The remote backdoor will be disabled by default, and users will need to explicitly activate it if they want remote support. The company is also working to ensure each device has a unique root password, further strengthening security.
Why It Matters
This development is significant because it addresses security vulnerabilities that could allow malicious actors to hijack robotic lawn mowers, potentially leading to privacy breaches or physical safety concerns. It also reflects a broader industry push toward user-controlled security features and transparency about device access.
ECOVACS Goat O1000 RTK Care Kit Robotic Lawn Mower with RTK Precision Navigation, No Perimeter Wire, Smart App Control, Auto Mapping, Multi-Zone Management – Includes 36 Extra Blades
RTK Precision Navigation for Wire-Free, Accurate Mowing. Powered by advanced RTK technology, this robotic lawn mower delivers centimeter-level…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Earlier in March 2024, security researcher Andreas Makris demonstrated how Yarbo’s robot lawn mowers could be remotely hijacked via a persistent backdoor, exposing email addresses, GPS locations, and control over the devices. Yarbo initially responded by promising to fix security flaws but did not plan to remove the remote backdoor entirely, citing the need for remote troubleshooting. Following public and internal discussions, the company reversed its stance and now plans to make remote access optional.
“In the future there should be no remote backdoor unless the user decides to opt-in.”
— Kenneth Kohlmann, Yarbo co-founder
“Completely removing remote diagnostic capability would reduce our ability to help customers resolve safety, connectivity, and service issues quickly.”
— Showan Hou and Maggie Zhou, Yarbo spokespeople
YARBO Robot Lawn Mower for Large Yard up to 6 Acres, Perimeter Wire Free, Modular Design, 1.2"-4.0" Cutting Height, 70% Slopes, Auto Recharging, AI Vision & RTK for Navigation
Engineered for Large Yards: YARBO robot lawn mower tackles 6.2 Acres (25,000㎡) with 120 minutes runtime per charge….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear how quickly Yarbo will fully implement the opt-in remote access feature across all devices, or how the company will verify that the remote backdoor has been completely removed from existing units. The extent of user control and the security of the new setup process are still being finalized.
2026 New Robot Lawn Mower with App Control – Features Adjustable Cutting Height, Auto-Charging, Obstacle Detection and Brushless Motor for Lawns Up to 1/8 Acre, Gray
Smart App Control & High-Efficiency Brushless Motor: With the YARDCARE app, you can effortlessly manage your mowing schedule,…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Yarbo is expected to roll out firmware updates to all existing devices, incorporating the new security measures and the opt-in remote access feature. The company is also in discussions with security researcher Andreas Makris to validate the effectiveness of these changes. Further updates on deployment timelines are anticipated in the coming weeks.
YARBO Robot Lawn Mower for Large Yard up to 6 Acres, Perimeter Wire Free, Modular Design, 1.2"-4.0" Cutting Height, 70% Slopes, Auto Recharging, AI Vision & RTK for Navigation
Engineered for Large Yards: YARBO robot lawn mower tackles 6.2 Acres (25,000㎡) with 120 minutes runtime per charge….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Will all Yarbo robot lawn mowers have the remote backdoor removed?
Yarbo plans to disable the remote backdoor by default on all devices, making remote access an optional feature that users can enable if needed.
How will users be able to enable remote access if they choose to?
Users will need to go through a setup process during firmware updates to opt-in to remote support, which will activate a temporary, one-time tunnel if needed for troubleshooting.
Does this change mean Yarbo’s devices are now fully secure?
While the removal of the persistent backdoor improves security, the company is still rolling out additional protections, such as unique root passwords, and the effectiveness of these measures will depend on proper implementation and user participation.
When will the firmware updates be available to all users?
Yarbo has begun rolling out updates to the first 1,000 devices, with plans to expand to additional units in the coming weeks. Exact timelines depend on the deployment schedule.
