
Robots at Risk: The Unitree BLE Exploit

Sep 30, 2025

A wireless vulnerability lets attackers seize control of fleets.
A humanoid robot G1 at the Unitree booth at the 2025 INCLUSION Conference on the Bund in Shanghai on 10 September 2025 (source: CFOTO/Future Publishing/Getty Images).

Researchers have uncovered a serious security flaw in several commercial Unitree robots that enables full system takeover via their Bluetooth Low Energy (BLE) interface. The vulnerability affects popular models including the Go2 and B2 quadrupeds and G1 and H1 humanoids. What makes it especially dangerous is its “wormable” nature: once one robot is compromised, it can scan for other nearby robots and automatically infect them, IEEE Spectrum reports.

The exploit, dubbed UniPwn, leverages hardcoded encryption keys embedded in the robots’ firmware. Although BLE packets are nominally encrypted, the static keys were published on social media months ago. By crafting a BLE packet encrypted with those keys, an attacker can trick the robot into granting access. From there, malicious firmware or code can be injected, disguised as user credentials, and run with root privileges. This allows actions such as rebooting the robot, implanting persistent trojans, or disabling firmware updates—all without detection.

The flaw was first reported by security researchers Andreas Makris and Kevin Finisterre, who attempted responsible disclosure in May. When Unitree ceased responding, the researchers went public in September. As of the article’s publication, Unitree had posted a response claiming fixes were under development.

Meanwhile, independent experts criticized Unitree’s response, noting the company has ignored prior security warnings. One observer noted that robotics firms often treat security as a secondary priority, even though an uncontrolled physical system poses a significant risk. A wider concern: as more robots move into public, commercial, or institutional roles, vulnerabilities such as this could harm safety, trust, and adoption of robotic systems.

Owners are advised to disable BLE, connect robots only to isolated networks, and limit external exposure. However, the bigger lesson is clear: commercial robots must be built with security in mind from the outset. When your robot can be commandeered over wireless, it’s no longer just a gadget; it’s a potential weapon.