Researchers uncovered critical flaws in Unitree humanoid robots, exposing hidden data sharing and a hack that could create robot botnets.
Security researchers have uncovered a critical security flaw in the Bluetooth Low Energy setup of Unitree Robot ics’ humanoids and quadrupeds.On September 20, 2025, cybersecurity experts Andreas Markis and Kevin Finnisterre disclosed the UniPwn exploit, which affects the Unitree Go2 and B2 quadrupeds and the G1 and H1 humanoids.
These robots are already being used in labs, universities, and some police departments.Through this flaw, attackers can gain root-level access wirelessly and turn the robot into a self-propagating botnet. In simpler words, one infected robot can compromise other Unitree robots in a range, creating a group of hacked robots and giving rise to a dangerous situation.Decoding the vulnerabilityThe security flaw stems from Unitree using BLE to simplify WiFi setup. Usually, users connect to a robot via Bluetooth during ongoing use and later switch to WiFi.The researchers found that Unitree’s implementation relies on hardcoded encryption keys that had already been leaked online. If keys are hardcoded, it makes every device identical from a hacker’s perspective.That means a single exploit could compromise thousands of robots. For users, the difference only shows up later – through a hack, data leak, or malfunction.What’s more, the G1 robot secretly sends data to servers in China every five minutes without notifying the user. Hackers can hijack its computer and turn it into a tool for cyberattacks.In other words, what’s designed as a convenience feature can be exploited to attain complete control of the robot. Andreas Markis explained how an attack that looks simple could cause damage beyond imagination.“A simple attack might be just to reboot the robot, which we published as a proof of concept. But an attacker could do much more sophisticated things,” he said while speaking to IEEE Spectrum.An unsatisfactory responseMarkis and Finisterre also expressed their disappointment over unsatisfactory communication with Unitree Robotics when they revealed this problem to the company.We have had some bad experiences communicating with them,” Makris told IEEE Spectrum, citing an earlier backdoor vulnerability he discovered with the Unitree Go1.“So we need to ask ourselves—are they introducing vulnerabilities like this on purpose, or is it sloppy development? Both answers are equally bad,” he stated.On September 29, Unitree posted a statement on LinkedIn addressing the security concerns:“We have become aware that some users have discovered security vulnerabilities and network-related issues while using our robots,” the company wrote. “We immediately began addressing these concerns and have now completed the majority of the fixes. These updates will be rolled out to you in the near future.”As a solution, Victor Mayoral-Vilches, founder of robotics cybersecurity company Alias Robotics, suggested that users should connect Unitree robots only using WiFi and turn off Bluetooth connectivity.Food for thoughtBLE missteps and hidden telemetry have plagued IoT devices for over a decade. The difference is that these flaws now sit inside robots powerful enough to enter labs, stations, and even homes.G1 sending data every five minutes to China is also a notable cause of concern; however, data sharing is still expected by some users. To wrap it up, transparency and security aren’t optional extras, but mandatory practices that robotics companies need to prioritize.
Cybersecurity Cybersecurity Breach Robot Robotics Unitree G1 Unitree G2 Wifi
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Researchers turn human skin cells into eggs -- but not yet usable onesOregon scientists used human skin cells to create fertilizable eggs, a step in the quest to develop lab-grown eggs or sperm to one day help people conceive
Read more »
Researchers turn human skin cells into eggs -- but not yet usable onesOregon scientists used human skin cells to create fertilizable eggs, a step in the quest to develop lab-grown eggs or sperm to one day help people conceive.
Read more »
Researchers turn human skin cells into eggs -- but not yet usable onesOregon scientists used human skin cells to create fertilizable eggs, a step in the quest to develop lab-grown eggs or sperm to one day help people conceive.
Read more »
Researchers turn human skin cells into eggs — but not yet usable onesIt could take a decade of additional research before human trials.
Read more »
Researchers turn human skin cells into eggs — but not yet usable onesOregon scientists used human skin cells to create fertilizable eggs, a step in the quest to develop lab-grown eggs or sperm to one day help people conceive.
Read more »
Top AI researchers leave OpenAI, Google and Meta for new startup'The main objective of AI is not to automate white-collar work, the main objective is to accelerate science'
Read more »