Yarbo bots found to have hidden root access for surveillance and attacks
Can a robotic lawnmower hit or even injure a person? It turns out the answer is yes.
Security researcher Andreas Makris discovered a backdoor for remote access in Yarbo robotic lawnmowers. All devices had the same root password, hardcoded into the firmware.
During the experiment, a journalist from The Verge lay down in front of the robot, while Makris remotely took control of the device from Germany and pointed it directly at the person.
The vulnerability allows:
• control of the robot's movement;
• activation of the blades;
• bypassing the emergency stop;
• accessing cameras;
• obtaining Wi-Fi passwords and GPS coordinates of their owners;
• using the devices for DDoS attacks.
Furthermore, the researcher believes that such robots could be used for espionage.
The most interesting thing is that Yarbo positions itself as an American brand from New York, but journalists discovered that it is actually the Chinese company Hanyang Tech from Shenzhen that is behind it.