UniPwn: Critical Zero-Day Flaw Found in Unitree Robots Allows Root Access via Bluetooth
Specialists have disclosed a new critical vulnerability in the wireless network configuration procedure of Unitree robots. The flaw, dubbed UniPwn, was detailed on September 20 and affects the quadruped models Go2 and B2, as well as the humanoid robots G1 and H1. Exploiting this weakness allows an attacker to gain full root-level control over the machines via Bluetooth Low Energy (BLE). According to IEEE Spectrum, this marks the first publicly documented exploit targeting a commercial humanoid platform.
Technically, the attack exploits the initial Wi-Fi pairing process over BLE. Although messages at this stage are encrypted, the encryption keys were hardcoded into the firmware and leaked publicly as early as July. Authentication is so weak that encrypting the string “unitree” with those static keys convinces the robot to treat the device as trusted. From there, arbitrary text can be injected into the SSID and password fields, which the system interprets and executes with elevated privileges during the connection attempt. In demonstrations, researchers showcased a remote reboot as the simplest example, but the same mechanism could install trojans on startup, block firmware updates, or exfiltrate sensitive data.
The primary danger lies in the exploit’s wireless nature: a compromised robot can scan its environment, detect other Unitree robots within BLE range, and autonomously infect them, effectively creating a self-propagating botnet. This worm-like spread requires nothing more than physical proximity, without any user interaction.
The vulnerability was discovered in May, and researchers attempted disclosure to the vendor, but communications with Unitree ceased by July. By the time of public release, the flaw remained unpatched. The cause remains ambiguous: whether negligence in embedding static keys and using weak validation, or something more deliberate, the risk is no less severe than that of an intentional backdoor.
Alias Robotics, which had previously exposed Unitree’s telemetry transmissions—including audio, video, and spatial data sent to servers in China—also criticized the company. The researcher noted that Unitree’s affordability and accessibility make its robots attractive targets, with vulnerabilities quickly gaining real-world impact, particularly when deployed in public services. For example, the Go2 model has been tested by the Nottinghamshire Police in the UK, though attempts to alert the department in advance were unsuccessful.
In the short term, experts recommend physically isolating the robots within segmented Wi-Fi networks and disabling Bluetooth. Long-term mitigation requires removing hardcoded secrets, overhauling authentication mechanisms, and enforcing strict input validation during configuration. Yet, researchers emphasize that risk can never be entirely eliminated: the sheer complexity and attack surface of modern humanoids ensure new weaknesses will inevitably surface.
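One way to apply the "strict input validation during configuration" advice, shown as an added example that is not Unitree's or the researchers' code: the SSID and passphrase are checked against the 802.11 and WPA2 length and character limits, then handed to a helper as separate argument-vector elements so that no shell ever interprets them. The helper path `/usr/local/bin/wifi-join` and all function names are hypothetical, and the helper is assumed to honor the conventional `--` end-of-options marker.

```python
import re

SSID_MAX_BYTES = 32                           # IEEE 802.11 SSID limit
PSK_RE = re.compile(r"[\x20-\x7e]{8,63}")     # WPA2 passphrase: 8-63 printable ASCII
HELPER = "/usr/local/bin/wifi-join"           # hypothetical helper, placeholder path


class ConfigError(ValueError):
    """Raised when a provisioning field fails validation."""


def validate_wifi_fields(ssid: str, psk: str) -> tuple[str, str]:
    """Check both fields against protocol limits; return them unchanged if valid."""
    if not 1 <= len(ssid.encode("utf-8")) <= SSID_MAX_BYTES:
        raise ConfigError("SSID must be 1-32 bytes")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in ssid):
        raise ConfigError("SSID contains control characters")
    if not PSK_RE.fullmatch(psk):
        raise ConfigError("passphrase must be 8-63 printable ASCII characters")
    return ssid, psk


def build_join_argv(ssid: str, psk: str) -> list[str]:
    """Return argv for subprocess.run(argv, shell=False); no shell parses the fields."""
    ssid, psk = validate_wifi_fields(ssid, psk)
    # "--" stops a value with a leading "-" from being read as an option.
    return [HELPER, "--", ssid, psk]


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    ("Lab-Net", "correct horse battery"),     # ordinary network
    ("Cafe; $HOME & co", "p@ss`word`123"),    # legal SSID full of shell metacharacters
    ("x" * 33, "longenough1"),                # SSID over 32 bytes
    ("net\nname", "longenough1"),             # embedded newline
    ("Lab-Net", "short"),                     # passphrase under 8 characters
]


def check_all(samples):
    """Map each sample to its argv, or to the validation error message."""
    out = []
    for ssid, psk in samples:
        try:
            out.append(build_join_argv(ssid, psk))
        except ConfigError as exc:
            out.append(str(exc))
    return out
```

The second sample is accepted on purpose: shell metacharacters are legal in an SSID, so the protection comes from never building a shell command string, not from a character denylist. On a real device the passphrase would be better passed over stdin or a protected file, since argument vectors are visible in the process list.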
The broader context is crucial. Unitree is not the only potential risk vector, and similar flaws may well exist in other commercial platforms. The implications of one high-profile compromise extend beyond individual models and could erode trust in the entire industry, as an uncontrolled robot poses the threat of genuine physical harm.
From September 30 to October 2, at the IEEE Humanoids Conference in Seoul, the authors of this research will present their paper “Humanoid Robots as Attack Vectors”, calling for cybersecurity to be embedded into design practices from the very outset.