Yarbo promises to fix security flaws in its robot lawn mowers

Yarbo, a manufacturer of robot lawn mowers, faced a crisis after a security researcher revealed critical vulnerabilities in their systems. Last week, the researcher demonstrated how these robots could be easily hijacked, exposing sensitive data and allowing unauthorized remote control.

The company responded with a comprehensive statement, acknowledging the issues and promising immediate action. Yarbo confirmed that it has temporarily cut off remote access and is working on a series of updates to fix credential management and server security flaws.

"In the future, each device will use its own independent credentials to prevent one affected device from impacting the entire fleet," Yarbo stated in their official message.

Furthermore, Yarbo maintains that it will still have remote access, but only for authorized personnel, with audits and limited permissions. The company does not plan to remove this feature entirely, despite criticisms and the demonstration of the vulnerability.

The security researcher Andreas Makris, who uncovered the flaws, said Yarbo has initiated direct communication and established a security response center. The first wave of security updates is expected within a week, including patches and enhanced data protections.

Yarbo also acknowledged that some vulnerabilities stemmed from legacy systems and outdated configurations, which are now being phased out or upgraded. The company committed to strengthening access controls, authentication, and visibility to prevent future incidents.

Finally, Yarbo announced plans to launch a dedicated security contact channel and is considering a bug bounty program to promote transparency and trustworthiness in its products over the long term.