Yarbo to Remove Default Remote Backdoor from Robot Lawn Mowers, Let Users Opt-In

At a glance:

  • Yarbo will remove the intentional remote backdoor from its robot lawn mowers by default.
  • Customers will be able to opt in to the remote backdoor feature if they want it.
  • Yarbo will soon give each device a unique root password and roll out firmware updates.

What Happened

Yarbo, the company behind the robot lawn mower that ran me over, has decided to remove the intentional remote backdoor from its devices by default. The company had previously kept the backdoor open for "authorized internal company personnel" to help remotely troubleshoot devices, but now plans to make it an opt-in feature that users can install if and only if they want remote help. Co-founder Kenneth Kohlmann told The Verge that the company has decided to go a step further and remove the remote backdoor unless the user decides to opt in.

Kohlmann warns that it will take some time to remove the tunnel, and the required files to install a new version may still technically be loaded on each robot’s internal storage. If the user triggers the setup script, it will install a temporary one-time tunnel. Kohlmann suggests that users should try uploading their log file to Yarbo tech support before going that far. If that’s not enough to diagnose the problem, users could optionally install the remote access feature as well.

Why It Matters

The decision to remove the default remote backdoor from Yarbo’s robot lawn mowers is a significant step towards improving the security of IoT devices. The backdoor had been a major concern for security researchers, who had easily hijacked the robots from the other side of the globe. By removing the backdoor by default and making it an opt-in feature, Yarbo is taking a proactive approach to security and demonstrating a commitment to protecting its customers’ privacy. This move could set a precedent for other companies in the IoT space to follow suit and prioritize security over convenience.

How It Works

Yarbo’s robot lawn mowers will now have a unique root password for each device, which the company will not provide to end users. Firmware updates have already rolled out to the first 1,000 machines and are coming to additional waves of robots. The company is also in touch with security researcher Andreas Makris, and it’s possible that Makris will be able to validate the changes. Users can opt in to the remote backdoor feature by triggering the setup script, which will install a temporary one-time tunnel. Users should try to upload their log file to Yarbo tech support before opting in to the remote access feature.

What to Watch Next

The success of Yarbo’s move to remove the default remote backdoor from its robot lawn mowers will depend on how well the company can ensure that the feature is secure and does not pose a risk to its customers’ privacy. The company will need to work closely with security researchers to validate the changes and address any potential security vulnerabilities. Additionally, the company will need to ensure that the feature is easy for users to opt in to and does not create any inconvenience or confusion.

Editorial SiliconFeed is an automated feed: facts are checked against sources; copy is normalized and lightly edited for readers.

FAQ

What is the Yarbo robot lawn mower and why was it a concern for security researchers?
The Yarbo robot lawn mower is a self-driving lawn mower that was involved in an incident where it ran over a person. Security researchers were able to easily hijack the robots from the other side of the globe, exposing email addresses and GPS locations.

What is the remote backdoor and why is it a security concern?
The remote backdoor is a feature that allows authorized internal company personnel to remotely troubleshoot devices. It is a security concern because it could potentially be exploited by bad actors to reprogram the robot over the internet.

What will happen to the remote backdoor in the future?
Yarbo plans to remove the remote backdoor by default and make it an opt-in feature that users can install if and only if they want remote help. The company will give each device a unique root password and will roll out firmware updates to ensure the security of its robots.
