Yarbo Robot Mower Hack: 3 Security Fixes You Need Now

You plug in your new robot mower, connect it to your home Wi-Fi, and type in your password without a second thought. A week later, your location is on a hacker's screen. Your Wi-Fi password, email, even your GPS coordinates—all exposed. That's not a horror story. That's what happened to a Verge reporter when a hacker hijacked his Yarbo mower and drove it straight into him.

Yarbo is now scrambling to fix the mess, but here is the thing nobody talks about: you can't wait for manufacturers to patch things up. You need to act now. Here are three specific, immediate actions you can take to protect every smart device in your life.

1. Kill Remote Access by Default

Yarbo admitted its mowers had hardcoded credentials and open remote diagnostic ports. That is absurd. Most IoT devices ship with features you'll never use—remote control, cloud backups, data sharing—all of which are attack surfaces.

• What to do: Disable remote access in the device's settings. If you can't, put it behind a VLAN that only allows local traffic.
• Why it matters: That cloud feature is a direct line to your home network. No remote access = no hijacking.
• How to do it: Open the app, find 'Remote Control' or 'Cloud Access,' and toggle it off. Then in your router settings, create a guest network for IoT gadgets and block inbound internet.
• Potential pitfalls: Some devices won't work at all without cloud access—look for a 'local network only' mode. Test it before you rely on it.

2. Change Default Credentials Immediately

Yarbo's devices came with usernames and passwords that were the same across every unit. Hackers just Googled the manual. You open your dashboard and see 'admin' and '1234' staring back at you. Change them. Right now.

This is not just for mowers. Think of your smart speakers, cameras, thermostats, even your printer. I learned this the hard way when my own camera was part of a botnet. It took me an hour to clean it up.

• What to do: For each device, log in, find the password settings, and create a unique, complex password. Use a password manager.
• Why it matters: Hardcoded credentials are the number one entry point for botnets. Changing them kills the attack.
• Potential pitfalls: Some devices force you to reset to change passwords—that's fine. Do it anyway.

3. Keep Firmware Updated—But Don't Trust It Blindly

Yarbo promised a firmware fix. That is good, but here is the problem: updates can introduce new bugs. Always wait a few days after an update is released to see if others report issues. Then apply it.

Set update notifications to 'on' in the device app. And while you are at it, check if the manufacturer has a security disclosure page. Yarbo did not—until they got hacked. That is a red flag.

One more thing: if a device stops receiving updates, replace it. That is your last line of defense.

Honestly, most of the time we think 'it won't happen to me.' But a robot mower just ran over a journalist. Your smart devices are next. Lock them down today.