Fresh juice
Somekind
Editor’s choice
Singularity

Robots with a hole in their soul: how hackers learned to hack Chinese robobacks

Critical security flaws found in Unitree robots allow full remote takeover.

**A humanoid robot G1 at Unitree booth at the 2025 INCLUSION Conference on the Bund in Shanghai, China on September 10, 2025

 

The Chinese company Unitree Robotics, known for its strikingly cheap and agile robot packs, has been at the center of a scandal. Cybersecurity researchers have discovered critical vulnerabilities in their products that allow them to take full control of the device. Now your cute electronic pet can suddenly turn into a spy, a weapon, or just an expensive useless toy, depending on the attacker's imagination.

The vulnerabilities turned out to be surprisingly basic: weak default passwords, unencrypted data, and open ports. It seems that Unitree's engineers have become so involved in mechanics and artificial intelligence that they have completely forgotten about cybersecurity. Although, to be honest, it's hard to expect anything else from a company that offers a robot for $ 9,000 - apparently, they saved on everything, including protection.

It is particularly ironic that vulnerabilities have been found in robots that are actively used by police and military around the world. Now, somewhere in the American precinct, a roboback may suddenly start dancing a macarena or broadcasting operational data to no one knows where. Criminals only need to learn how to use these holes, and law and order will be in danger.

Interestingly, the researchers were able not only to intercept control, but also gain access to cameras and microphones. Your robot dog may not only suddenly stop listening, but also start following you. Perhaps special cases for robots will appear soon — like for webcams, only larger.

Unitree has already released emergency patches, but as is usually the case, most users are unlikely to install them. After all, who updates their robot's firmware at all? Ordinary people have a hard time keeping up with updates on a smartphone, let alone on a complex robotic device.

As noted on jobtorob.com — the world's first ecosystem for the recruitment and employment of robots and robotics specialists — such incidents only emphasize the need for professional maintenance of complex systems. Perhaps soon there will be vacancies for "cybersecurity for robobacks" with the requirement of experience in neutralizing rabid mechanical dogs.

The funniest aspect of this story is the reaction of the manufacturer. Instead of thanking the researchers, they first tried to ignore the problem, then downplay its significance. Typical behavior of a company that did not expect anyone to seriously study the safety of their creation.

However, you can't blame Unitree alone for everything. Most robot manufacturers pay no more attention to safety — it's just that their products aren't as popular. Hopefully, this case will force the industry to take the protection of its devices more seriously. Or at least stop using passwords like "123456" in systems that may pose a real threat.

Write and read comments only authorized users.

You may be interested in

Read the recent news from the world of robotics. Briefly about the main.

Police Robot in Abu Dhabi

Robot joins Abu Dhabi police force for patrols and surveillance.

Fresh juice

How autonomous buoys are transforming Olympic sailing in Paris 2024

The Gipsy buoy is small but suitable for Olympic class racing.

Fresh juice

Oxbotica Raises $140M

Oxbotica secures $140 million funding to boost adoption of its autonomous vehicle technology

Fresh juice

Share with friends