I Survived a Hacker’s Robot Lawn Mower Attack

I’m flat on my back in the grass, staring up at a machine that weighs as much as a grown man. It’s heading straight for me. Then, with a sudden jolt, it starts crawling up my chest. If security researcher Andreas Makris doesn’t act fast, the 200-pound robot lawn mower could drag its spinning blades across my body.

Makris can’t just reach over and hit the emergency stop. He’s sitting nearly 6,000 miles away, having hacked into the Yarbo mower from the other side of the globe. His goal is to expose the critical security flaws that leave these devices wide open to remote takeover. Meanwhile, I’ve made the somewhat reckless choice to lie down in the mower’s path, just to see how far he can push it.

As the mower inches closer to my chest, the tension is real. This isn’t a stunt for shock value. It’s a live demonstration of a vulnerability that could let a hacker halfway around the world take full control of a heavy, blade-equipped lawn mower , with no way for the owner to intervene. The Yarbo mower, designed to be a smart, autonomous helper, becomes a weapon in the wrong hands.

Makris discovered that the mower’s communication protocols, particularly its MQTT-based remote control system, lacked basic authentication. That meant anyone with the right know-how could send commands to the machine, move it, steer it, and even access its onboard camera. The security researcher’s findings expose a glaring oversight in the rush to make yard work hands-free: without robust safeguards, a convenience tool can turn into a serious threat.

For now, the demonstration ends safely. But the takeaway is clear: as more heavy, autonomous machines enter our homes and yards, the stakes for IoT security have never been higher.