
On September 20, security researchers revealed on X that Unitree Robotics’ futuristic humanoid robots can be hijacked during the Bluetooth Low Energy setup, allowing close-range attackers to fully control them and spread malware from device to device.
The disclosure quickly became a global concern. The flaw sits in a simple setup process and affects robots already deployed in universities, labs, and even law enforcement.
What was designed to simplify tasks has now given rise to critical security vulnerabilities.
Weak Encryption Behind the Attack
The core issue is how Unitree’s Bluetooth Low Energy (BLE) system handles Wi-Fi configuration. Researchers found that anyone within Bluetooth range can inject commands and take control of the robot through this vulnerability.
“Exploitation requires only BLE proximity and knowledge of these universal credentials, enabling remote code execution with root privileges through the provisioning daemon,” the researchers explained.
All of the devices share the same hardcoded encryption key, so if one robot is compromised, all the rest are vulnerable. This design flaw puts thousands of units at risk from what experts refer to as a Bluetooth worm attack on robots.
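The difference between a fleet-wide hardcoded key and a per-device key, as an added example that is not from the researchers or from Unitree. The key values, serial numbers and the HKDF-based derivation are constructed assumptions, chosen to show how many units accept a provisioning message authenticated with a key taken from one of them.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Constructed sample values; none of these come from the affected product.
FLEET_KEY = b"constructed-shared-fleet-key-000"      # same bytes in every unit
MASTER_SECRET = b"constructed-vendor-master-secret"  # assumption: kept off-device by the vendor
SERIALS = ["SN-0001", "SN-0002", "SN-0003"]

def shared_key(serial: str) -> bytes:
    """Weak design: every unit is provisioned with the identical key."""
    return FLEET_KEY

def per_device_key(serial: str) -> bytes:
    """Hardened design: key derived from the off-device secret and the serial."""
    return hkdf_sha256(MASTER_SECRET, b"ble-provisioning", serial.encode())

def tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a provisioning message with HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time check of a message tag against the unit's own key."""
    return hmac.compare_digest(tag(key, message), mac)

def blast_radius(key_for, leaked_serial: str) -> list[str]:
    """Serials that accept a message tagged with the key of one compromised unit."""
    leaked = key_for(leaked_serial)
    msg = b"wifi-config:ssid=lab"
    return [s for s in SERIALS if verify(key_for(s), msg, tag(leaked, msg))]

if __name__ == "__main__":
    print("shared key    :", blast_radius(shared_key, "SN-0001"))
    print("per-device key:", blast_radius(per_device_key, "SN-0001"))
```

With the shared key every serial accepts the message; with derived keys only the unit whose key leaked does.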
Moreover, weak encryption makes things worse. Unitree relies on outdated algorithms like Blowfish and on predictable random number sequences that reduce brute-force attacks to child’s play.
Once an attacker decodes the files, they can read network data, change system settings, and maintain access indefinitely, turning these futuristic humanoid robots into permanent backdoors.
Related risks, such as humanoid robot hacking and malware, show how easily a security flaw in one connected machine can spread to an entire network of devices.
Robot Malware and Data Leak
The G1 futuristic humanoid robot also sends telemetry data, such as audio, video, and motion measurements, to China-based servers every five minutes, without explicit user permission. The connection is resumed automatically upon disruption and lacks proper certificate checks.
In regions like the European Union (EU), such hidden data transfers breach privacy laws under the General Data Protection Regulation (GDPR). Security experts see it as a wake-up call for cybersecurity robotics, especially with the next generation of robots now tied to public spaces and workplaces.
“We have become aware that some users have discovered security vulnerabilities and network-related issues while using our robots. We immediately began addressing these concerns and have now completed the majority of the fixes. These updates will be rolled out to you in the near future,” Unitree responded on LinkedIn.
Yet according to researchers such as Alias Robotics’ Víctor Mayoral-Vilches, the company ignored previous warnings. The devices, he stated, are “technological Trojan horses” that can undermine privacy and the future of robotics security.
Experts therefore suggest that users turn off Bluetooth, install security patches, and avoid unsecured connections, because these simple steps would prevent a wormable Bluetooth exploit or supply chain attack.
New Reality in Patching Humanoid Robots
The robot supply chain attack draws attention to the urgent need for better digital defenses. Given the level of intelligence and mobility robots have gained thus far, poor encryption or open channels could see them exploited as platforms for attack.
“A simple attack might be just to reboot the robot, which we published as a proof of concept. But an attacker could do much more sophisticated things,” Andreas Markis told IEEE Spectrum.
To secure futuristic humanoid robots, experts recommend verified updates, encryption testing, and faster patching of humanoid robots to keep vulnerabilities from spreading before they get out of hand.
The future of humanoid robots promises to reform human life, but what is not said publicly is that it also exposes a gap between how humanoid robots are built and how they are protected. Security in robots is lagging behind their intelligence, showing that advanced robotics still lacks the basic cybersecurity essentials for safe real-world deployment.
As autonomy increases, robot hacking practices are expanding, and will probably continue to expand, faster than current cybersecurity frameworks, a warning that in the quest for more intelligent machines, safety cannot be overlooked.