A critical vulnerability in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface used by several different Unitree robots can result in a root level takeover by an attacker, security researchers disclosed on 20 September. The exploit impacts Unitree’s Go2 and B2 quadrupeds and G1 and H1 humanoids. Because the vulnerability is wireless, and the resulting access to the affected platform is complete, the vulnerability becomes wormable, say the researchers, meaning “an infected robot can simply scan for other Unitree robots in BLE range and automatically compromise them, creating a robot botnet that spreads without user intervention.”
Initially discovered by security researchers Andreas Makris and Kevin Finisterre, UniPwn takes advantage of several security lapses that are still present in the firmware of Unitree robots as of 20 September, 2025. As far as IEEE Spectrum is aware, this is the first major public exploit of a commercial humanoid platform.
Unitree Robots’ BLE Security Flaw Exposed
Like many robots, Unitree’s robots use an initial BLE connection to make it easier for a user to set up a Wi-Fi network connection. The BLE packets that the robot accepts are encrypted, but those encryption keys are hardcoded and were published on X (formerly Twitter) by Makris in July. Although the robot does validate the contents of the BLE packets to make sure that the user is authenticated, the researchers say that all it takes to become an authenticated user is to encrypt the string ‘unitree’ with the hardcoded keys and the robot will let someone in. From there, an attacker can inject arbitrary code masquerading as the Wi-Fi SSID and password, and when the robot attempts to connect to Wi-Fi, it will execute that code without any validation and with root privileges.
“A simple attack might be just to reboot the robot, which we published as a proof-of-concept,” explains Makris. “But an attacker could do much more sophisticated things: It would be possible to have a trojan implanted into your robot’s startup routine to exfiltrate data while disabling the ability to install new firmware without the user knowing. And as the vulnerability uses BLE, the robots can easily infect each other, and from there the attacker might have access to an army of robots.”
Makris and Finisterre first contacted Unitree in May in an attempt to responsibly disclose this vulnerability. After some back and forth with little progress, Unitree stopped responding to the researchers in July, and the decision was made to make the vulnerability public. “We have had some bad experiences communicating with them,” Makris tells us, citing an earlier backdoor vulnerability he discovered with the Unitree Go1. “So we need to ask ourselves—are they introducing vulnerabilities like this on purpose, or is it sloppy development? Both answers are equally bad.” Unitree has not responded to a request for comment from IEEE Spectrum as of press time.
“Unitree, as other manufacturers do, has simply ignored prior security disclosures and repeated outreach attempts,” says Víctor Mayoral-Vilches, the founder of robotics cybersecurity company Alias Robotics. “This is not the right way to cooperate with security researchers.” Mayoral-Vilches was not involved in publishing the UniPwn exploit, but he has found other security issues with Unitree robots, including undisclosed streaming of telemetry data to servers in China which could potentially include audio, visual, and spatial data.
Mayoral-Vilches explains that security researchers are focusing on Unitree primarily because the robots are available and affordable. This makes them not just more accessible for the researchers, but also more relevant, since Unitree’s robots are already being deployed by users around the world who are likely not aware of the security risks. For example, Makris is concerned that the Nottinghamshire Police in the UK have begun testing a Unitree Go2, which can be exploited by UniPwn. “We tried contacting them and would have disclosed the vulnerability upfront to them before going public, but they ignored us. What would happen if an attacker implanted themselves into one of these police dogs?”
How to Secure Unitree Robots
In the short term, Mayoral-Vilches suggests that people using Unitree robots can protect themselves by only connecting the robots to isolated Wi-Fi networks and disabling their Bluetooth connectivity. “You need to hack the robot to secure it for real,” he says. “This is not uncommon and why security research in robotics is so important.”
Both Mayoral-Vilches and Makris believe that fundamentally it’s up to Unitree to make their robots secure in the long term, and that the company needs to be much more responsive to users and security researchers. But Makris says: “There will never be a 100 percent secure system.”
Mayoral-Vilches agrees. “Robots are very complex systems, with wide attack surfaces to protect, and a state-of-the-art humanoid exemplifies that complexity.”
Unitree, of course, is not the only company offering complex state-of-the-art quadrupeds and humanoids, and it seems likely (if not inevitable) that similar exploits will be discovered in other platforms. The potential consequences here can’t be overstated—the idea that robots can be taken over and used for nefarious purposes is already a science fiction trope, but the impact of a high-profile robot hack on the reputation of the commercial robotics industry is unclear. Robots companies are barely talking about security in public, despite how damaging even the perception of an unsecured robot might be. A robot that is not under control has the potential to be a real physical danger.
At the IEEE Humanoids Conference in Seoul from 30 September to 2 October, Mayoral-Vilches has organized a workshop on Cybersecurity for Humanoids, where he will present a brief (co-authored with Makris and Finisterre) titled Humanoid Robots as Attack Vectors. Despite the title, their intent is not to overhype the problem but instead to encourage roboticists (and robotics companies) to take security seriously, and not treat it as an afterthought. As Mayoral-Vilches points out, “robots are only safe if secure.”