Security researchers disclosed on 20 September a critical wireless vulnerability that can allow an attacker to gain root control of several Unitree robots, according to a public post named UniPwn. The researchers said the flaw affects Unitree’s Go2 and B2 quadrupeds and the G1 and H1 humanoids made by Unitree.
The researchers said the issue lies in the robots’ use of Bluetooth Low Energy (BLE) as a setup channel for Wi‑Fi configuration, and that encryption keys used for BLE are hardcoded and were later published on X in July as shown by a linked post. They reported that once an attacker can produce an authenticated BLE packet the robot will accept Wi‑Fi credentials that can include executable code.
According to the researchers, the robots validate that a BLE packet is encrypted but accept authentication if the string ‘unitree’ is encrypted with the hardcoded keys. From there, an attacker can inject arbitrary code disguised as a Wi‑Fi SSID and password, and the robot will attempt to run that code with root privileges when connecting to Wi‑Fi. Researcher Andreas Makris published a proof‑of‑concept that simply reboots the robot, and warned more persistent implants or exfiltration routines would be possible.
The researchers say they first informed Unitree in May and pursued responsible disclosure, but they stopped receiving responses in July and made the vulnerability public after further attempts to engage, according to their account. One researcher cited an earlier backdoor vulnerability in a Unitree model as part of the history; that earlier issue is documented in a separate advisory. Unitree did not respond to a request for comment cited in the disclosure.
Víctor Mayoral‑Vilches of Alias Robotics, who was not involved in the UniPwn post, told the researchers that users can mitigate risk in the short term by connecting robots only to isolated Wi‑Fi networks and disabling BLE. He also highlighted other concerns raised about Unitree devices in recent research, including a paper that examined undisclosed telemetry streaming, and noted that some organizations such as the Nottinghamshire Police have tested Unitree devices.
The researchers warned the vulnerability is wireless and therefore could be “wormable,” allowing infected robots to scan for and compromise others in BLE range, according to their post that discusses the wormable threat. The disclosure and related analysis are linked in the public UniPwn materials, and the authors plan to present on humanoid cybersecurity at the IEEE Humanoids Conference; additional information about their workshop and paper are available on the conference and Alias Robotics pages and in an arXiv preprint.