Hackable Robot Lawn Mower Unlocks a New Nightmare

Cramming for finals is bad enough without the platform you use to do your schoolwork suddenly shutting down. Unfortunately for countless students across the US, that’s exactly what they faced on Thursday after Canvas went into “maintenance mode” following a ransomware attack on education tech firm Instructure. Hackers using the name ShinyHunters claimed responsibility for the breach, and experts say the chaos they caused shows how far these actors will go to extort their victims. Did you know that Google Chrome includes an automatic download of the Gemini Nano AI model? If not, you wouldn’t be alone. People who use Google’s wildly popular browser realized this week that Gemini Nano has been taking up 4 GB of space on their desktops since 2024, sparking annoyance and concerns over privacy. Fortunately, you can disable the AI model—but not without losing some helpful security features. Obviously, you can also just download a different browser for free. Researchers this week revealed that thousands of vibe coded apps were left exposed on the open internet, revealing sensitive corporate and personal data. The security failings are a reminder: Just because you can vibe code something doesn’t necessarily mean you should. The Department of Homeland Security subpoenaed Google in an attempt to obtain the location data and account activity of a Canadian man who criticized US immigration enforcement tactics following the killings of Renee Good and Alex Pretti in Minneapolis early this year. The American Civil Liberties Union this week filed a complaint against DHS on behalf of the man, who has not visited the US in more than 10 years. Scammers, low-level hackers, and other cybercriminals have joined the ranks of humanity yearning to be free of AI slop, according to new research. Meta, meanwhile, is sprucing up its age-verification tech after a study found that kids are tricking online age checks using simple techniques—including one child hero who circumvented online age verification by drawing on a fake mustache. Finally, we detailed Russia’s effort to create a local competitor to Starlink satellite internet service—with all the privacy and security concerns that entails. And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. Robot Lawn Mower Is a Security Nightmare Most people hope that the 200-pound robot with blades in their backyard cannot be easily hacked. Unfortunately for the owners of Yarbo, a $5,000 lawn mower robot that can also work as a leaf blower, snowblower, and edger, that was not the case. The Verge reports that a security researcher found numerous vulnerabilities in the lawn bots that could allow hackers to remotely take over the machines (including their camera feeds,) as well as extract owners' email addresses, Wi-Fi passwords, and home locations. After a Yarbo spokesperson told The Verge that the robots' “diagnostic environment is not publicly accessible,” the reporter and researcher demonstrated the security flaws and their potential consequences by nearly running…