heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex Secure by design
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
the verge is paywalled (forgot my RSS reader bypasses that to get the full text) - the full vulnerability disclosure is here https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
here's just one part of it
(also gonna mute this thread)
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex This timeline we live in just never stops does it?
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex Root access on anything to do with gardening seems especially nasty.
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex @octothorpe immediate addition to the never ever buy from this company list
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex And how much is the military spending on developing deadly ALVs?
They're already Developed!
-
@Dex @octothorpe immediate addition to the never ever buy from this company list
@steveriggins @Dex yuuuuup
-
@steveriggins @Dex yuuuuup
@octothorpe @steveriggins @Dex It’s only a matter of time before they hack into cars, if they haven’t already.
I am going to be stuck with my old car forever.
-
@octothorpe @steveriggins @Dex It’s only a matter of time before they hack into cars, if they haven’t already.
I am going to be stuck with my old car forever.
@CStamp @octothorpe @Dex I’m only concerned about riding lawnmowers
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex why in the everloving fuck are lawnmowers even connected to the internet? -
@CStamp @octothorpe @Dex I’m only concerned about riding lawnmowers
@steveriggins You have that big a yard? I like well-balanced and oiled pushmowers. Quiet, less room to store, environmentally-friendly, easier to push than gas, and they absolutely don’t spy on me or are hackable.
@octothorpe @Dex -
@steveriggins You have that big a yard? I like well-balanced and oiled pushmowers. Quiet, less room to store, environmentally-friendly, easier to push than gas, and they absolutely don’t spy on me or are hackable.
@octothorpe @Dex@CStamp @octothorpe @Dex no. I will likely have a hand push mower at the new place. Very little grass. Not worried about my car though.
-
@CStamp @octothorpe @Dex no. I will likely have a hand push mower at the new place. Very little grass. Not worried about my car though.
@steveriggins @octothorpe @Dex Toronto area has yards that to me seem ridiculous to mow with this gas and electric mowers. By the time you pull the thing out, the lawn could’ve been mowed and you could be sitting in a chair, sipping wine.
-
@steveriggins @octothorpe @Dex Toronto area has yards that to me seem ridiculous to mow with this gas and electric mowers. By the time you pull the thing out, the lawn could’ve been mowed and you could be sitting in a chair, sipping wine.
@CStamp @octothorpe @Dex one advantage to a riding mower is sipping wine while clipping the lawn haha.
-
@CStamp @octothorpe @Dex no. I will likely have a hand push mower at the new place. Very little grass. Not worried about my car though.
@steveriggins I do not want a car with internet, subscriptions, NDAs, things that mean I haven’t really bought a car but have handed someone a lot of money to monetize me with 3rd parties so Si can pretend I own it. I don’t want cameras, computers phoning in my driving habits. I just want a car that works as expected. And I want dials and buttons and keyholes, not computer screens. IS THAT TOO MUCH TO ASK?!
@octothorpe @Dex -
@CStamp @octothorpe @Dex one advantage to a riding mower is sipping wine while clipping the lawn haha.
@steveriggins Drinking and driving? You didn’t really want the pansies or azaleas, did you?
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex Living in the future.
-
heads up if you have a yarbo lawnmower, switch it off, change your home wifi password, and potentially move house
(root access with the same root password on every mower - reset to the same thing after every update even if you change it, your wi-fi credentials + gps in plaintext. also for some reason all the safety features designed to stop them hitting people can be overridden remotely)
A hacker ran me over with a robot lawn mower
Forget robovacs — Yarbo’s bladed robots are an even bigger security nightmare.
The Verge (www.theverge.com)
@Dex "Connect everything to the Internet"... is a form of mass insanity.
-
R relay@relay.infosec.exchange shared this topic
-
@steveriggins I do not want a car with internet, subscriptions, NDAs, things that mean I haven’t really bought a car but have handed someone a lot of money to monetize me with 3rd parties so Si can pretend I own it. I don’t want cameras, computers phoning in my driving habits. I just want a car that works as expected. And I want dials and buttons and keyholes, not computer screens. IS THAT TOO MUCH TO ASK?!
@octothorpe @Dex@CStamp @octothorpe @Dex nope? That’s fine. I like that mine drives itself in traffic and that it can find nearby charging stations and get the car ready for charging on the way and that my dash camera will catch any issue when it happens. If it’s sending my data to someone I didn’t approve, that won’t last long in class action court. WA just went to self recording mileage vs requiring an app so moving in the right direction.
