Alias Robotics published an analysis saying the Unitree G1 humanoid robot can be exploited as a tool for espionage and cyber attacks, and that its testers were able to take control of the device through its Bluetooth-based setup process. The researchers explained that an attacker can inject commands and gain root access by exploiting the robot’s provisioning daemon.
The report says the flaw stems from how the G1 handles Wi‑Fi provisioning over Bluetooth Low Energy (BLE). When the robot receives network names and passwords over BLE, that channel does not filter inputs, and all G1 units and other models from the vendor share the same hardcoded AES encryption key, the analysis found. Alias Robotics said exploitation requires only BLE proximity and knowledge of these universal credentials, enabling remote code execution with root privileges. The researchers also reported that the flaw persisted across several firmware versions they tested but did not specify which versions were examined.
Researchers additionally examined the encryption protecting configuration files and found two weak layers. The outer layer uses the Blowfish algorithm in an insecure mode and, according to the analysis, every G1 uses the same 128‑bit key recovered from the robot’s software. The inner layer applies a simple Linear Congruential Generator transformation with a limited 32‑bit seed space, which the researchers say makes brute‑force attacks feasible. Together, the weaknesses allowed decryption of files that include service settings, process names and network details.
The analysis found the G1 continuously transmits data to servers located in China, including battery status, joint torque, motion state and sensor information from cameras, microphones and internal services. Alias Robotics reported the device sends JSON packets every five minutes to two addresses on port 17883 and maintains a live WebSocket session with a third server over SSL without certificate verification; these transmissions reconnect automatically if interrupted. The researchers said users are not informed of the transfers and argued that this behavior could violate data‑protection rules under GDPR Articles 6 and 13 and California privacy laws that require opt‑out options.
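A network defender can check for the periodic telemetry described above by looking for fixed-interval connections in flow logs. The sketch below is an added example, not code from Alias Robotics or Unitree: only port 17883 and the five-minute interval come from the report, while the flow-record format, the tolerance values and all addresses (documentation-range placeholders) are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

TELEMETRY_PORT = 17883      # port named in the report
EXPECTED_PERIOD_S = 300     # "every five minutes"

# Constructed flow records: epoch_seconds src_ip dst_ip dst_port
# All addresses are documentation-range placeholders, not real endpoints.
SAMPLE_FLOWS = """\
1000 192.0.2.10 198.51.100.5 17883
1300 192.0.2.10 198.51.100.5 17883
1602 192.0.2.10 198.51.100.5 17883
1899 192.0.2.10 198.51.100.5 17883
1010 192.0.2.10 203.0.113.7 17883
1311 192.0.2.10 203.0.113.7 17883
1609 192.0.2.10 203.0.113.7 17883
1910 192.0.2.10 203.0.113.7 17883
1050 192.0.2.22 198.51.100.9 443
1100 192.0.2.30 198.51.100.5 17883
"""

def parse_flows(text):
    """Group connection start times by (src, dst, port); skip malformed lines."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        groups[(parts[1], parts[2], int(parts[3]))].append(int(parts[0]))
    return groups

def find_beacons(text, port=TELEMETRY_PORT, period=EXPECTED_PERIOD_S,
                 tolerance=0.1, min_events=4):
    """Return (src, dst, mean_interval) for flows to `port` repeating near `period`."""
    hits = []
    limit = tolerance * period  # allowed drift and jitter, in seconds
    for (src, dst, dport), times in sorted(parse_flows(text).items()):
        if dport != port or len(times) < min_events:
            continue  # wrong port, or too few samples to call it periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Periodic if the mean gap is near the period and the jitter is small.
        if abs(avg - period) <= limit and pstdev(gaps) <= limit:
            hits.append((src, dst, round(avg)))
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_FLOWS))
```

A single connection to the port, such as the one from 192.0.2.30 in the sample, is not flagged because it gives no interval to measure.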
The report describes multiple internal communication channels that increase exposure. Some systems, such as DDS and RTPS, route messages between sensors and actuators, while others, like MQTT and WebRTC, link to cloud services. Alias Robotics said DDS traffic is unencrypted and that TLS certificate checks are disabled in the WebRTC client, which together with the Bluetooth and encryption flaws can allow attackers on the local network to eavesdrop or impersonate services; the researchers added that an attacker who gains access can persist by changing credentials or adding remote accounts.
To illustrate impact, the researchers presented two case studies. The first showed a G1 acting as a covert surveillance device that connects to telemetry servers and begins transmitting audio, video and spatial data such as LIDAR and GPS soon after power‑up. The second installed a Cybersecurity AI framework known as CAI on the robot’s processor; researchers said CAI performed reconnaissance, vulnerability scanning and exploitation planning and confirmed it could inject commands via the BLE flaw, but the team stopped short of executing live attacks. Víctor Mayoral‑Vilches, founder of Alias Robotics, urged verifiable corrections and immediate regulatory oversight, saying the findings anticipate a generation of devices that could collect data and pose new risks to privacy and rights; he made the remark on his public profile.