NextFin news: On Thursday, October 2, 2025, cybersecurity experts revealed critical security flaws in Unitree Robotics' G1 humanoid robots, which are deployed by various security forces and institutions worldwide. The vulnerabilities allow attackers to gain root-level wireless access, potentially turning the robots into self-propagating botnets.
The security breach was disclosed by researchers Andreas Makris and Kevin Finisterre on September 20, 2025. Their findings, known as the UniPwn exploit, affect Unitree's G1 and H1 humanoid robots, as well as the Go2 and B2 quadruped models. These robots are used in laboratories, universities, and some police departments.
The flaw originates from Unitree's use of Bluetooth Low Energy (BLE) to facilitate Wi-Fi setup. The implementation relies on hardcoded encryption keys, which have been leaked online, making all devices vulnerable to the same exploit. This means a single attack can compromise thousands of robots, allowing hackers to control them remotely.
Moreover, the G1 humanoid robot reportedly sends data to servers in China every five minutes without user notification. This telemetry includes basic device information, but the lack of transparency has raised privacy and security concerns. Hackers exploiting the vulnerability could hijack the robot's systems to launch cyberattacks or cause malfunctions.
Makris explained to IEEE Spectrum that while a simple proof-of-concept attack could reboot the robot, more sophisticated exploits could cause significant damage. The vulnerability also enables infected robots to autonomously scan and infect other Unitree robots within Bluetooth range, creating a dangerous network of compromised devices.
Unitree Robotics responded on September 29, 2025, acknowledging the security issues and stating that most fixes have been completed. The company announced that software updates addressing the vulnerabilities will be rolled out soon. Unitree emphasized that its robots are designed for offline use by default and require manual authorization for internet connectivity. It also committed to improving permission management to prevent unauthorized data collection.
Despite the company's response, researchers expressed dissatisfaction with Unitree's communication during the disclosure process, citing previous incidents involving backdoor vulnerabilities in earlier models. Victor Mayoral-Vilches, founder of Alias Robotics, a robotics cybersecurity firm, recommended users disable Bluetooth connectivity and use Wi-Fi connections exclusively as a mitigation measure.
This incident highlights ongoing challenges in securing Internet of Things (IoT) devices, especially advanced robotics platforms with physical and digital access capabilities. The presence of hardcoded keys and hidden telemetry in security robots underscores the critical need for transparency and robust cybersecurity practices in the robotics industry.
