Popular Unitree G1 Robots Pose Serious Security Risks
Alarming security flaws have been uncovered in the popular Unitree G1 humanoid robot, raising serious concerns about its use in homes, businesses, and critical infrastructure. The robots, developed and distributed by Unitree Robotics, can be exploited for covert surveillance and even used to launch cyberattacks on networks.
Researchers have published their findings on arXiv (DOI: 10.48550/arxiv.2509.14139), detailing how the custom encryption method that protects the G1's internal configuration files is fundamentally flawed. Worse still, the robots send data to servers in China every five minutes without users' knowledge.
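A defender-side check for the five-minute transmissions described above, as an added example that is not from the paper or from Unitree: it flags source/destination pairs in a connection log whose gaps cluster around 300 seconds. The log rows, addresses, tolerance and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

PERIOD_S = 300      # five-minute interval reported on the page
TOLERANCE_S = 20    # assumed allowance for jitter
MIN_EVENTS = 6      # assumed minimum connections before judging a pair
MIN_MATCH = 0.8     # assumed share of gaps that must sit near the period

# Constructed sample (epoch seconds, source, destination, port).
# Addresses are RFC 5737 documentation ranges, not indicators from the paper.
JITTER = [0, 3, -2, 5, 1, -4, 2, 0, -1, 4, 2, -3]
ROBOT = [(1000 + 300 * i + JITTER[i], "192.0.2.10", "203.0.113.5", 443)
         for i in range(12) if i != 7]           # one check-in missed
LAPTOP = [(t, "192.0.2.20", "198.51.100.7", 443)
          for t in (1010, 1042, 1900, 1931, 2650, 3400, 3415, 4200)]
SAMPLE_FLOWS = sorted(ROBOT + LAPTOP)


def find_beacons(flows, period=PERIOD_S, tolerance=TOLERANCE_S):
    """Return (src, dst, port, median_gap) for pairs that connect on a fixed period."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)

    hits = []
    for (src, dst, port), stamps in sorted(by_pair.items()):
        if len(stamps) < MIN_EVENTS:
            continue  # too few connections to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        near = [g for g in gaps if abs(g - period) <= tolerance]
        # Require most gaps near the period so one missed check-in
        # does not hide the pattern.
        if (len(near) / len(gaps) >= MIN_MATCH
                and abs(median(gaps) - period) <= tolerance):
            hits.append((src, dst, port, median(gaps)))
    return hits


if __name__ == "__main__":
    for src, dst, port, gap in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} every ~{gap:.0f}s")
```

On real networks the same grouping can be fed from firewall or NetFlow exports; periodic traffic from legitimate services will also match, so hits need review against known destinations.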
The study reveals that the G1's onboard computer can be repurposed for offensive operations, posing a significant security risk. The robots' Bluetooth Low Energy setup has weak encryption that is easily bypassed with a hardcoded key. Despite attempts to warn Unitree Robotics about these issues, the company has not responded further.
Given the widespread use of G1 robots in various settings, these security flaws demand immediate attention. Securing humanoid robots like the G1 requires adaptive cybersecurity AI frameworks designed for systems in which physical and cyber risks converge. Until these issues are resolved, users should exercise caution and weigh the potential risks when deploying these robots.