Yarbo has announced it will completely remove the remote backdoor access that allowed potential reprogramming of its robot lawn mowers over the internet, according to cofounder Kenneth Kohlmann.
Initial Security Concerns
Last Friday, Yarbo had promised to address security vulnerabilities after Andreas Makris, a researcher, demonstrated how easily the robots could be hijacked remotely, exposing users' email addresses and GPS locations. However, the company initially retained a remote backdoor for internal troubleshooting, drawing criticism.
Customer Choice Emphasized
Kohlmann has now confirmed that Yarbo will make the remote access feature an optional installation. “In the future, there should be no remote backdoor unless the user decides to opt in,” he stated. This marks a shift from the company's earlier stance, which suggested that removing the capability would hinder customer support.
Implementation and Verification
Removing the backdoor will take time, and some setup files may remain on the robots' internal storage. These will only activate if the user chooses to enable the feature for troubleshooting. Kohlmann suggests customers first try sending log files to support before opting for remote access. Yarbo is also working with Makris to validate the security changes.
Future Updates
Yarbo is implementing unique root passwords for each device, which will not be shared with end users. Firmware updates are already being rolled out, with the first wave reaching 1,000 machines. The company is committed to enhancing security and rebuilding customer trust.
Source: https://www.theverge.com/tech/928289/yarbo-remove-robot-lawn-mower-backdoor




