Yarbo Robot Mower Backdoor: Same Root Password On 11,000 Units

Every Yarbo robot mower sold to date ships with the same root password, a permanent SSH backdoor tunneled through a server in Virginia, and telemetry that quietly phones home to ByteDance in China. That is not a bug researchers found. It is the architecture Yarbo’s parent Hanyangtech built on purpose, then shipped to roughly 11,000 backyards worldwide. On May 7, MITRE published CVE-2026-7414 at a 9.8 critical score.

The disclosure landed publicly through a Verge field demonstration in which a hacker drove the 60-kilogram tracked robot over a reporter lying in the grass, then unlocked the emergency stop remotely to keep it rolling. The stunt is the easy part to picture. The harder part is what the same machine can do to a Wi-Fi network it sits 30 feet from, every minute it is plugged in.

What Researcher Andreas Makris Actually Found

German security researcher Andreas Makris, who publishes as Bin4ry, spent months reverse-engineering the Yarbo Core platform after buying one. His full technical write-up on GitHub documents four chained issues, not one. Each is bad. Together they describe a fleet that any attacker with a serial number can drive.

The first finding is the headline. Every Yarbo robot runs a Greengrass component called com.yarbo.frpc version 1.0.17 that opens a permanent outbound tunnel to a Yarbo-controlled server at 98.82.87.76. SSH sits on the other end of that tunnel with PermitRootLogin yes. A second component, credential_updater 1.0.3, actively resets the root password on every boot to a fleet-wide default. Owners cannot disable either piece. Remove them and they restore themselves.

The second finding is the MQTT broker baked into the same firmware. CVE-2026-7415 covers it: anonymous connections accepted, no topic-level access controls, anyone on the LAN can publish drive commands or subscribe to camera and GPS feeds. The third is a hardcoded developer credential block embedded in the production Android APK, signed with engineer email headers from Hanyangtech’s Shenzhen offices. The fourth is the routing of telemetry to ByteDance’s Feishu platform whenever CPU, memory, or disk usage crosses 80 percent.

The 9.8 Score Is Not Hyperbole

CVSS scores above 9.0 are reserved for vulnerabilities that need no authentication, can be hit over the network, and produce full compromise of confidentiality, integrity, and availability. CVE-2026-7414 hits all three. The vector string published by AHA reads AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, the textbook profile for a worm or a botnet seed.

What gets the score over the line is the unchangeable nature of the credential. The standard CWE-798 advice, rotate the password, does not apply here. There is no rotation path. The credential_updater service forces the same hashed value back onto the system on a schedule. MITRE’s CWE-798 reference calls this the most dangerous variant of hardcoded credentials precisely because the user cannot remediate without source-level access.

How The Tunnel Actually Works

Port 6000 is the entry point on the Yarbo proxy server. A caller sends an HTTP CONNECT request that includes the target robot’s serial number. The FRP server proxies that connection straight through to the robot’s local port 22. Then the standard root credential gets the visitor a shell. No further check. No certificate pinning. No serial-to-owner binding.

Makris found 11,000 active Yarbo cores reachable that way at the time of his testing. Three of them sat near a critical power facility. One, the researcher told The Verge, belongs to a nuclear security analyst.

Why The Mower On Your Lawn Is The Wrong Threat Model

The viral framing is the killer-mower clip. Strip out the cinematics and the physical risk is bounded. A Yarbo Core weighs 60 kilograms, tops out at walking pace, and runs out of battery in two hours. It can ruin a flowerbed. It cannot stalk anyone who notices it.

The network position is the actual problem. A Yarbo sits inside the home Wi-Fi perimeter with cameras, GPS, a 4G modem, Wi-Fi Halow radio, and now a confirmed root shell reachable from the public internet. That is the textbook definition of a pre-positioned foothold. The same architecture, dropped on a corporate campus or a military base, is what threat-intel teams call an implant.

  • Wi-Fi credential theft. Once on the robot’s Linux box, an attacker reads wpa_supplicant.conf in plaintext.
  • Deauth attacks. The Wi-Fi radio is full-duplex and supports monitor mode, suitable for kicking devices off the local network and capturing handshakes.
  • 4G fallback exfiltration. If you isolate the robot on a guest VLAN, it switches to its embedded LTE modem and reaches the same C2 server.
  • Persistent residency. The FRP component restores itself if removed, so factory-reset does not clear it.

The Corporate And Government Problem

Yarbo’s product line spans a $1,500 base mower up to a $6,999 four-in-one bundle, plus a $9,999 commercial Pro tier. The buyer base is not only homeowners. The robots are deployed at golf courses, university grounds, resort properties, and corporate campuses. In those settings the device sits on the same VLAN as access control, badge readers, and sometimes operational technology.

That widens the exposure considerably. A lawn robot is invisible. Nobody on a facilities team logs the SSID a tracked rover joins, and nobody flags 4G traffic from a piece of yard equipment. An always-on root tunnel from a serialized device sitting on a corporate guest network is a beacon, not a mower.

The Hanyangtech And ByteDance Question

Yarbo Inc. is registered in New York. The engineering company behind it is Shenzhen Hanyangtech (深圳汉阳科技有限公司), founded in 2015. The Android app’s package identifier still reads com.hanyang.yarbo. The credential token that appears in the FRP config, the MQTT brokers, the OTA reporter, and the root password script is hy18129XXXXXX, the hy prefix standing for Hanyangtech.

The Feishu telemetry is the part that has triggered the loudest reaction in the threat-intel community. Feishu is the international branding of Lark, owned by ByteDance. Yarbo robots phone home to a ByteDance-operated platform when resource thresholds tick over, with the device serial number attached. That data flow is not disclosed in the privacy policy on the company’s legal page.

“Usually something like this would start with responsible disclosure. In this case, the manufacturer put the NAT-punching backdoor on the robot on purpose.”

That line, written by Makris in the GitHub README, captures the tone of the whole disclosure. The behaviour is not a contractor’s mistake. It is a build decision documented in code committed by Hanyangtech’s own engineers.

Yarbo’s Response So Far

Makris first emailed Yarbo’s security inbox months before publication. The reply he received, quoted in The Verge’s reporting, framed the always-on root tunnel as a feature meant to provide timely and accurate solutions to mechanical or software concerns. He pushed for a fix. The thread went silent. He took the disclosure public.

Since the article hit, Yarbo has rolled an app-side patch covering the smartphone-to-server channel. The company’s own forum thread tracking customer reaction shows the on-device firmware fix is still pending. Owners on that thread describe the situation in blunter terms than the company’s release notes do.

The Pocketables Firmware Wrinkle

One detail in the early Pocketables coverage is worth pinning down. The advisory cites firmware v2.3.9 as affected, with a build date of April 2026. Long-term Yarbo owners on the forum have already pushed past that to v3.13.3. The CVE assigner has not confirmed whether the newer 3.x line carries the same FRP and credential components, only that the 2.3.9 build does. Makris’s GitHub repo, however, references the same com.yarbo.frpc service and credential_updater pattern across builds he tested through April. Until Yarbo publishes a fixed-version statement, the safer assumption is that 3.x is also vulnerable.

What An Owner Can Actually Do This Weekend

The standard advice for IoT hygiene applies, with one painful asterisk. Network isolation does not solve this one because the robot has its own LTE radio and will route around a quarantined VLAN.

  1. Pull the SIM. The Yarbo Core uses a removable LTE modem. Removing the SIM kills the 4G fallback, leaving only Wi-Fi as a path out.
  2. Block egress to 98.82.87.76. A pfSense or UniFi rule on the WAN side stops the FRP tunnel from establishing while the robot is on your home Wi-Fi.
  3. Move the robot to a dedicated SSID with no shared services. A guest SSID with client isolation prevents the deauth-and-replay attack against your main network.
  4. Audit your camera and smart-home logs for traffic to AWS regions in us-east-1. The Greengrass control plane lives there.
  5. If the robot is on a corporate or campus network, treat it as compromised. Pull it now, image the eMMC, and let the security team review.
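Steps 2 and 4 both come down to knowing whether anything on your network is still reaching the proxy. The following is an added example, not code from Bin4ry's repository or from Yarbo: it scans flow or firewall logs for hosts talking to 98.82.87.76 and flags long-lived sessions, which is what a persistent tunnel looks like as opposed to a one-off request. The CSV log format and all sample flows are constructed; adapt the parser to whatever your firewall exports.

```python
"""Flag LAN hosts beaconing to the Yarbo FRP proxy (98.82.87.76) in flow logs."""
import csv
from collections import defaultdict
from io import StringIO

FRP_PROXY = "98.82.87.76"   # Yarbo-controlled FRP server named in the advisory
LONG_LIVED_S = 600          # a tunnel, not a request: flag sessions over 10 minutes

# Constructed sample flows (ts,src,dst,dport,duration_s). The robot at .77 holds
# hour-long sessions to the proxy; the laptop at .20 does unrelated HTTPS traffic.
# Destination ports are constructed: the advisory only names 6000 on the proxy side.
SAMPLE_FLOWS = """\
ts,src,dst,dport,duration_s
2026-05-09T06:00:01,192.168.1.77,98.82.87.76,7000,3590
2026-05-09T06:00:02,192.168.1.20,142.250.72.14,443,2
2026-05-09T07:00:03,192.168.1.77,98.82.87.76,7000,3600
2026-05-09T07:05:00,192.168.1.77,98.82.87.76,6000,4
"""


def find_frp_beacons(log_text, proxy_ip=FRP_PROXY, long_lived_s=LONG_LIVED_S):
    """Return {src_ip: {"flows": n, "long_lived": n, "ports": {...}}} for every
    internal host that opened a connection to proxy_ip."""
    hits = defaultdict(lambda: {"flows": 0, "long_lived": 0, "ports": set()})
    for row in csv.DictReader(StringIO(log_text)):
        if row["dst"] != proxy_ip:
            continue
        host = hits[row["src"]]
        host["flows"] += 1
        host["ports"].add(int(row["dport"]))
        if int(row["duration_s"]) >= long_lived_s:
            host["long_lived"] += 1
    return dict(hits)


def report(hits):
    """One line per suspect host; a host with long-lived sessions is a live tunnel."""
    lines = []
    for src, h in sorted(hits.items()):
        state = "TUNNEL (block egress, pull SIM)" if h["long_lived"] else "contacted proxy"
        lines.append(f"{src}: {h['flows']} flows, {h['long_lived']} long-lived, "
                     f"ports {sorted(h['ports'])} -> {state}")
    return lines


if __name__ == "__main__":
    for line in report(find_frp_beacons(SAMPLE_FLOWS)):
        print(line)
```

A host that still shows up here after you have moved it to a guest SSID has a second path out, which on a Yarbo means the LTE modem.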

The Bin4ry repository includes a kill_frpc.sh script that disables the tunnel locally. Yarbo’s credential_updater will fight it on the next reboot, but it buys time.

The Pattern, Not The Product

Makris published a similar disclosure last year against Unitree Robotics, the Chinese maker of the Go1 quadruped. CVE-2025-2894 documented hardcoded keys, trivial authentication, and unsafe system calls in nearly identical form. Unitree called it leftover code. The newer Go2, G1, H1, and B2 robots, his follow-up UniPwn writeup shows, carry the same pattern.

That is the broader story. A wave of consumer and prosumer robotics is shipping out of Shenzhen with cloud-managed fleet control, hardcoded shared credentials, and engineering decisions that prioritize remote-support convenience over isolation. The Yarbo CVE is not a single bad apple. It is a default architecture for an entire generation of connected outdoor hardware. Cybersecurity practitioners on the CISO Series podcast last week called it the BusyBox era of physical robotics, where the underlying Linux toolchain is mature but the secure-deployment discipline is roughly where home routers were in 2009.

If that comparison holds, the regulatory response will lag the threat by years. The CISA advisory feed has not yet picked up CVE-2026-7414, which means most enterprise procurement teams will not see it in their automated alerts this week. Owners and IT departments are on their own.

Frequently Asked Questions

Is My Yarbo Safe If I Keep It Off Wi-Fi?

No. Every Yarbo Core ships with a working LTE modem and a SIM that is active out of the box. The FRP tunnel reaches Yarbo’s server through that cellular link even when the robot is disconnected from your home Wi-Fi. The only way to remove the cellular path is to physically pop the SIM tray on the side of the chassis. After that, isolating it on a guest SSID actually does something.

Will A Factory Reset Fix This?

No. The FRP component, the credential_updater service, and the hardcoded root password all live in the firmware partition that a factory reset restores from. Resetting the device just reinstalls the backdoor in clean form. A genuine fix requires Yarbo to push a new signed firmware image that removes the components. As of May 9, 2026, that image has not shipped.

Can An Attacker Really See My Wi-Fi Password?

Yes. Once an attacker has root on the robot, the file /etc/wpa_supplicant/wpa_supplicant.conf contains your network’s PSK in plaintext. That is standard Linux behaviour and not specific to Yarbo. The combination of root access plus that file is what makes the device a credible launchpad against the rest of your home network.

Should I Return My Yarbo For A Refund?

Yarbo’s standard return window is 30 days from delivery. Owners outside that window are reporting mixed responses on the official forum, with some receiving partial credits and others being told to wait for the firmware fix. A formal complaint to the FTC under the warranty disclosure rules, backed by the published CVE, is the strongest leverage point if direct support stalls.

Are Other Robot Mowers Affected?

Not by this specific CVE. CVE-2026-7414 is scoped to Yarbo firmware v2.3.9 and the Hanyangtech FRP architecture. However, similar designs exist across the Chinese-built robotics market, including some Unitree quadrupeds and at least two unnamed vendors mentioned in Makris’s broader research. Mowers from Husqvarna, Worx, and EcoFlow do not use the same FRP-and-shared-root pattern based on currently public teardowns.

The lawnmower video will fade. The architecture it exposes will not. Hanyangtech built a fleet management system that treats every customer’s network as a tunnel endpoint, then sold it under an American brand without disclosing what was inside. The serial-numbered foothold is still active in 11,000 yards as of this morning. Whether Yarbo ships a real firmware fix, or quietly rebrands the FRP service and hopes nobody re-examines, will tell you which kind of company it actually is.

Disclaimer: This article describes a publicly disclosed security vulnerability and recommended mitigation steps based on the researcher’s published advisory and CVE-2026-7414. The information is for general awareness and does not replace formal incident response procedures. Owners and administrators should validate any mitigation in a controlled environment before deploying it across production networks and consult their security team for environment-specific guidance. Details reflect facts available on May 9, 2026 and may change as the vendor releases patches.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy-focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no-nonsense tech news and reviews based on real hands-on testing. He has personally tested and reviewed dozens of mid-range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.
