Sounds like making dangerous home robots with spinning blades and wireless connectivity is a bad idea
Even if you press that big red emergency stop button on the mower itself, a hacker can send another command to unlock it, Makris says.
Holy cow. I work in factories, and I know enough about industrial safety to know that would not fly.
Yeah a big red shutoff should be the cutoff to the electricity, water, air, oil, or whatever else it’s meant to stop.
And that’s only, like, the most basic part of an industrial e-stop. On top of directly disconnecting the energy source, it also has to include redundant circuits (since it’s possible for a contactor to break and fail open, or weld and fail closed), and some even need to have signal pulses constantly going through them to actively confirm they haven’t been pressed. They absolutely should not just send a signal to a Linux computer, because general-purpose operating systems are too complex to be rated for safety.
This isn’t even my area of expertise yet I know this stuff. The fact that they failed at the very first requirement is really messed up.
No, the big red button launches the nukes.
That has the secondary effect of shutting off the electricity, water, air, oil, or whatever else … It just takes a little longer.
Did they vibe code the backend?
A hacker can get:
- GPS position
- Email address
- Video feed
- WiFi password
- Root access to a Linux client in the same WiFi network as the victim, which means they can change the DNS servers in the router for a MITM attack if the default password hasn’t been changed (and nobody changes that)
And they demonstrated to the journalist…
- Get a list of every “smart” lawnmower near a nuclear plant
- Check the emails of the owner on LinkedIn or something like that to see who could work at that nuclear plant
- Have access to his home network and a video feed on a robot that can be remotely moved to another position to check the perimeter
Scary
We’re in an untold era of productivity! There’s no time for things like safety!!!
/s
which means they can change the DNS servers in the router for a MITM attack if the default password hasn’t been changed (and nobody changes that)
or if the device can successfully spoof DHCP offers. perhaps crashing the real one, or just being faster somehow
Makris explains that not only does each Yarbo robot have the same hardcoded root password, but owners can’t defend themselves just by manually setting a better password. Every time Yarbo updates a robot’s firmware, it changes the robot’s root password right back to its default password.
lol
he did it intentionally.
“I’ve made the questionable decision of lying down in the mower’s path — to see just how far Makris, the security researcher who discovered those flaws, is able to push the mower.”
Sounds dumb, idk.
copied from my mastodon
Alexa, mow down my enemies and livestream me the audio so I can hear the lamentation of their women.
This sounds like a storyline for the next Honey I Shrunk the Kids movie?
And shouldn’t it be…em…the Grass Verge?
I’ll get my coat.
Read without the paywall: https://archive.is/mTp9k
Flashbacks to Lawnmower Man
I laughed at this.









