Spoiler: I'm known for being critical of automation and this time will be no exception.
Full disclosure: although I use another Worx product, I have not done any hands-on examination on this line of mowers.
Only recently did I learn of the existence of automated lawn mowers - and apparently they've been around for awhile. In the process of discovering this, I've not changed my attitude about the automation of potentially dangerous devices. But I did learn much that I didn't know with just a bit of searching.
First, the forum conversation largely discusses limitations in the device capability, such as the issue of sensing short obstacles under 15 cm or 5 inches. It also (at default) uses a random algorithm like the Roomba vacuum cleaner in order to eventually cover all of its assigned area. This default can be changed with specified instructions, though this could be challenging for the mower's target audience, which is retired homeowners. [ :begin rant: Our wireless world now makes Joe Sixpack his own network administrator, meaning that many, many issues of technological maintenance will go undone... :end rant: ] And there's the possible odd appearance of random patterns cut into the grass.
But a search confirms many of my automation suspicions. In addition to onboard controls, the device is operated through phone applications and router connections. A location feature uses GPS information from cell towers to locate a lost Landroid should it stray from its assigned zone, which is delineated with a wire that must be installed at the area's edge, forming a "fence". And hackaday(dot)com reports the controller as using a "an NXP LPC1768 ARM Cortex-M3, and the debug pins are labelled on the backside. The manufacturer didn't protect the flash memory". This level of automation brings several possibilities to mind: there is already talk of some manufacturers of programmable mowers being able to restrict replacement parts to expensive proprietary ones, and of using later software to brick earlier versions. And if you don't get along with your neighbor, why not have his mower cut dirty words into the yard, bricking itself upon completion? And how much onboard memory and storage have we got? Spam server, anyone? Get your whole situation blacklisted, anyone? But the obvious issues to me would simply be that the connectivity is yet another route to the router, to be used to exploit more general vulnerabilities - and that wifi range is not properly sensed by the unit in order to avoid losing the ability to receive commands (to Work's credit, their site does note the issue and advises as to how possibly to avoid it). And the potential (haha) for coding issues and Personally Identifiable Information misuse always exists with manufacture-provided apps AND the phone companies through which such apps almost always operate.
So aside of questions of practicality (does an automated mower create more work for the user than it saves?), this appears to be yet another category of unpatched potential holes in someone's digital exposure. But it's an interesting category to investigate. From a pentesting perspective, the installation of such automated convenience devices could provide clues about the level of security overall, and about the psychology of the target user(s).
