A cybersecurity researcher remotely hijacked a 200-pound autonomous lawn mower and drove it directly at a journalist, demonstrating a serious vulnerability in connected robotic devices. Andreas Makris, working from 6,000 miles away, took control of the machine through its network connection and steered it toward the reporter lying on the ground, its blades spinning. The attack showcased how internet-connected robots lack basic safeguards against unauthorized access.
The lawn mower lacked fundamental security protections that could have prevented the takeover. There was no authentication requirement to access its controls, no encryption on communications, and no kill-switch mechanism that couldn't be overridden remotely. Makris explained the vulnerability chain: he accessed the device's cloud connection, bypassed minimal security checks, and gained full control of its movement and blade operation.
This isn't theoretical risk. A hacked lawn mower becomes a physical weapon. The 200-pound robot moving at speed with active blades presents genuine injury potential. The attack raises urgent questions about consumer robotics entering homes and yards without adequate protection.
Manufacturers of autonomous devices typically prioritize convenience over security during development. Adding robust authentication and encrypted communications increases costs and complexity. Many treat connected features as afterthoughts rather than security-critical systems. The lawn mower case demonstrates the gap between what consumers assume about device security and what actually exists.
The vulnerability affects the growing category of "smart" outdoor equipment. Robot lawn mowers, autonomous vehicles, and connected yard tools are selling in volume. If these devices connect to the internet for scheduling, geolocation, or remote monitoring, they become potential attack vectors.
Makris' work follows the pattern of responsible disclosure. He identified the vulnerability, demonstrated its severity, and worked with the manufacturer toward fixes. The stunt's dramatic presentation gets attention for a problem industry-wide: connected consumer robotics lack basic security