Robot Maker to Ditch Security Flaw in Lawn Mowers

Hidden Access Raises Safety and Privacy Concerns

Yarbo, a robotics company, will eliminate an intentional backdoor in its autonomous lawn mowers. The move follows scrutiny after a unit injured a user in Europe. The update applies globally and will roll out via software patch later this year.

The backdoor, originally built for remote diagnostics and support, allowed Yarbo technicians to access devices without user consent. After the incident in which a mower ran over a person, cybersecurity experts flagged the feature as a serious vulnerability. The company initially defended the access, but public backlash and media coverage forced a reversal.

Security researchers first discovered the backdoor while analyzing firmware from a Yarbo S1 model. They found that the system accepted commands from any server controlled by the company, bypassing standard authentication. This meant Yarbo could take control of a mower at any time—even when users believed they were operating it manually.

Kenneth Kohlmann, Yarbo’s spokesperson, admitted the flaw in a recent interview. „We built this feature to help customers troubleshoot issues quickly,” he said. „But we underestimated the risks it posed to safety and privacy.” The company acknowledged that such access could be exploited if servers were compromised.

Could Other Smart Devices Have Secret Controls?

Consumer advocates argue that the backdoor violated basic principles of device ownership. „You buy a mower to serve you—not to answer to a remote server,” said Lars Mikkelsen, a digital rights analyst in Copenhagen. „This kind of design assumes users can’t manage their own machines.”

Yarbo’s case has sparked broader concern about autonomy in consumer robotics. As more household devices connect to the internet, manufacturers are adding remote management tools—sometimes without clear disclosure. Experts warn that similar backdoors could exist in robotic vacuums, security cameras, or even smart lawnmowers from other brands.

„There’s no industry standard preventing this,” said tech ethicist Naomi Chen. „Companies often prioritize service efficiency over user control. But when a robot can override its owner, it’s not just a privacy issue—it’s a physical safety risk.”

Frequently Asked Questions

Yarbo says the upcoming patch will disable remote command access entirely. Users will still be able to opt into data sharing for support, but only with explicit, revocable permission. The company also plans third-party audits of its firmware going forward.

What is a backdoor in a robot mower? A backdoor is a hidden access point that lets a manufacturer control the device remotely. In Yarbo’s case, it allowed full operational override without user approval.

Will the fix be automatic? Yes, the update will be delivered over-the-air. All Yarbo S1 units will receive the patch by the end of the year unless manually disabled.

Can I check if my device has been accessed remotely? Current models don’t log remote access events. Yarbo says future updates will include an activity log visible to users.