this post was submitted on 07 May 2026
124 points (91.9% liked)

[–] randy@lemmy.ca 79 points 1 month ago (1 children)

Even if you press that big red emergency stop button on the mower itself, a hacker can send another command to unlock it, Makris says.

Holy cow. I work in factories, and I know enough about industrial safety to know that would not fly.

[–] SchmidtGenetics@lemmy.world 35 points 1 month ago (2 children)

Yeah a big red shutoff should be the cutoff to the electricity, water, air, oil, or whatever else it’s meant to stop.

[–] zerofk@lemmy.zip 13 points 1 month ago (1 children)

No, the big red button launches the nukes.

[–] clif@lemmy.world 4 points 1 month ago

That has the secondary effect of shutting off the electricity, water, air, oil, or whatever else ... It just takes a little longer.

[–] randy@lemmy.ca 3 points 1 month ago

And that's only, like, the most basic part of an industrial e-stop. On top of directly disconnecting the energy source, it also has to include redundant circuits (since it's possible for a contactor to break and fail open, or weld and fail closed), and some even need to have signal pulses constantly going through them to actively confirm they haven't been pressed. They absolutely should not just send a signal to a Linux computer, because general-purpose operating systems are too complex to be rated for safety.

This isn't even my area of expertise yet I know this stuff. The fact that they failed at the very first requirement is really messed up.

[–] tomalley8342@lemmy.world 69 points 1 month ago

Makris explains that not only does each Yarbo robot have the same hardcoded root password, but owners can’t defend themselves just by manually setting a better password. Every time Yarbo updates a robot’s firmware, it changes the robot’s root password right back to its default password.

lol

[–] Nima@leminal.space 53 points 1 month ago (1 children)

he did it intentionally.

"I’ve made the questionable decision of lying down in the mower’s path — to see just how far Makris, the security researcher who discovered those flaws, is able to push the mower."

Sounds dumb, idk.

[–] baronvonj@piefed.social 50 points 1 month ago

copied from my mastodon

Alexa, mow down my enemies and livestream me the audio so I can hear the lamentation of their women.

[–] Wispy2891@lemmy.world 35 points 1 month ago (2 children)

Did they vibe code the backend?

A hacker can get:

  • GPS position
  • Email address
  • Video feed
  • WiFi password
  • Root access to a Linux client in the same WiFi network as the victim, which means they can change the DNS servers in the router for a MITM attack if the default password hasn't been changed (and nobody changes that)

And they demonstrated to the journalist..

  1. Get a list of every "smart" lawnmower near a nuclear plant
  2. Check the emails of the owner on LinkedIn or something like that to see who could work at that nuclear plant
  3. Have access to his home network and a video feed on a robot that can be remotely moved to another position to check the perimeter

Scary

[–] criss_cross@lemmy.world 4 points 1 month ago

We’re in an untold era of productivity! There’s no time for things like safety!!!

/s

[–] WhyJiffie@sh.itjust.works 1 points 1 month ago

which means they can change the DNS servers in the router for a MITM attack if the default password hasn't been changed (and nobody changes that)

or if the device can successfully spoof DHCP offers. perhaps crashing the real one, or just being faster somehow

[–] Fubarberry@sopuli.xyz 16 points 1 month ago
[–] sturmblast@lemmy.world 15 points 1 month ago

Sounds like making dangerous home robots with spinning blades and wireless connectivity is a bad idea

[–] EndlessNightmare@reddthat.com 4 points 1 month ago

Flashbacks to Lawnmower Man

[–] ropatrick@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

This sounds like a storyline for the next Honey I Shrunk the Kids movie?

And shouldn't it be...em...the Grass Verge?

I'll get my coat.

[–] popekingjoe@lemmy.world 2 points 1 month ago

I laughed at this.