Unitree have a number of robotic offerings, and are one of the first manufacturers offering humanoid robotic platforms. It seems they are also the subject of UniPwn, one of the first public exploits of a vulnerability across an entire robotic product line. In this case, the vulnerability allows an attacker not only to utterly compromise a device from within the affected product lines, but infected robots can also infect others within wireless range. This is done via a remote command-injection exploit that involves a robot’s Bluetooth Low Energy (BLE) Wi-Fi configuration service.

While this may be the first public humanoid robot exploit we have seen (it also affects their quadruped models), the lead-up to announcing the details in a post on X is a familiar one. Researchers discover a security vulnerability and attempt responsible disclosure by privately notifying the affected party. Ideally the manufacturer responds, communicates, and fixes the vulnerability so devices are no longer vulnerable by the time details come out. That’s not always how things go. If efforts at responsible disclosure fail and action isn’t taken, a public release can help inform people of a serious issue, and point out workarounds and mitigations to a vulnerability that the manufacturer isn’t addressing.
The biggest security issues involved in this vulnerability (summed up in a total of four CVEs) include:
- Hardcoded cryptographic keys for encrypting and decrypting BLE control packets (allowing anyone with a key to send valid packets.)
- Trivial handshake security (consists simply of checking for the string “unitree” as the secret.)
- Unsanitized user data that gets concatenated into shell commands and passed to
system()
.
The complete attack sequence is a chain of events that leverages the above in order to ultimately send commands which run with root privileges.
We’ve seen a Unitree security glitch before, but it was used to provide an unofficial SDK that opened up expensive features of the Go1 “robot dog” model for free. This one is rather more serious and reportedly affects not just the humanoid models, but also newer quadrupeds such as the Go2 and B2. The whole exploit is comprehensively documented, so get a fresh cup of whatever you’re drinking before sitting down to read through it.
Reminds me of the Tom Selleck movie, “Runaway.”…
Wow, it’s really pathetic how trivial these flaws are. They are just begging for their robots to be exploited.
I, for one, welcome our new robot overlords. Although they look like the old robot overlords, but acting slightly differently.
Is it a facial twitch? Maybe you’ve found Lore instead of Data.
So this is on top of them phoning home and leaking a lot of confidential information about where the robot is and what the owner is doing with it?
Pretty sure there was a movie about this exact situation going on but it was a rogue AI injecting and running the exploit. Damn those Three Laws!!!
I hope someone makes them act like Bender.
Yeah, they “accidentally” left in a security exploit that just happens to also allow compromised robots to infect others. That doesn’t sound like an AI plot to create an army of terminators at all! Has anyone actually seen the CEO of Unitree in real life? 🤔
Johnny 5: Need Input!!!
Do you want Terminators?
Because this is how you get Terminators.
(Yes it is Other Barry, yes it is.)
They’re turning the fricken sex-bots gay!