Horrible News: Exploit found in humanoid robots capable of “creating a botnet of a robot that spreads without user intervention” over Bluetooth

The only thing scarier than a robot that can hack other robots is a robot that can hack other robots and can also walk. The author claims that humanoid robots from the manufacturer Unitree are susceptible to an exploit which settles “on devices and then infect the next devices from the reach”, and it is estimated that it will affect the entire line of recent-generation products.

That is all according to Andreas Macris, aka Bin4rydigit, and Kevin Finisterre (via Hackaday). They have a GitHub site discussing their discoveries, as well as their attempts to reach Unitree. Bin4rydigit claims that Unipwn (the exploit) is “the first public use of humanoid robots.”

The GitHub page shows that the security handshake between devices is “ridiculously simple” and simply looks for “Unitree” in encrypted packets. This means that, should you ask the robot to receive data, it checks that the other user is authenticated with an uncomplicated sequence. After connecting, it checks the serial number, initiates Wi-Fi mode and sets the country code.

As part of this process, malicious actors can inject payloads, which ultimately allows them to issue commands with root permissions, i.e. take control.

What makes this particular exploit risky is that it can carry out commands such as injecting malware, and can even be used to spread to other nearby robots. The GitHub page states: “an infected robot can simply scan in search of other unitree robots in the field of BLE and automatically threaten them, creating a botnet robot that spreads without user intervention.” BLE stands for Bluetooth Low Energy, a current Bluetooth specification.
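The handshake weakness described above comes down to trusting a fixed string that is the same on every device. The sketch below is an added illustration, not code from the researchers' GitHub page or from Unitree: it contrasts that pattern with a per-device challenge-response check. The `Robot` class, the `mac` helper, the serial numbers and the idea of a key provisioned at pairing are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

STATIC_MARKER = b"Unitree"  # constructed stand-in for the fixed string the article mentions


def weak_handshake(packet: bytes) -> bool:
    """Weak pattern: any peer whose packet contains the fixed string is trusted.
    The string is the same on every device, so learning it once works everywhere."""
    return STATIC_MARKER in packet


def mac(device_key: bytes, serial: str, nonce: bytes) -> bytes:
    """Response an authorised controller computes from the per-device key."""
    return hmac.new(device_key, nonce + serial.encode(), hashlib.sha256).digest()


class Robot:
    """Hardened pattern (assumed design): per-device key and a single-use nonce."""

    def __init__(self, serial: str, device_key: bytes):
        self.serial = serial
        self._key = device_key   # unique per robot, provisioned at pairing
        self._nonce = None       # outstanding challenge, if any

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None   # each challenge is usable once
        if nonce is None:
            return False
        return hmac.compare_digest(mac(self._key, self.serial, nonce), response)


def demo() -> dict:
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    robot_a, robot_b = Robot("SN-A-0001", key_a), Robot("SN-B-0002", key_b)
    out = {"weak_accepts_fixed_string": weak_handshake(b"\x01Unitree\x02")}
    resp = mac(key_a, robot_a.serial, robot_a.challenge())
    out["owner_accepted"] = robot_a.verify(resp)
    robot_a.challenge()                       # fresh nonce invalidates the old response
    out["replay_accepted"] = robot_a.verify(resp)
    # A key taken from robot A says nothing about robot B's key.
    out["key_a_works_on_b"] = robot_b.verify(mac(key_a, robot_b.serial, robot_b.challenge()))
    return out


if __name__ == "__main__":
    print(demo())
```

With a per-device key, a secret recovered from one robot does not authenticate to the next one in radio range, which is the property the fixed-string check lacks.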

Those who found the hack claim that there have been a lot of e-mails in which “Unitree showed no significant commitment or interest in solving security problems.” Their report claims that “no confirmation or repair schedule has been given.”

Bin4rydigit states that “they have observed responsible practices of disclosing information and cooperate with Unitree to solve these problems.”

That was the situation in the days when the report was made public, but Unitree has since responded with a statement on LinkedIn. In it, the company says that it has “finished most of the corrections.”

“We realized that some users have discovered gaps in security and problems related to the network while using our robots. We immediately began to deal with these fears and have now completed most of the corrections. These updates will be introduced for you in the near future.

“At Unitree, we have always put a lot of emphasis on protecting user privacy, as well as on ensuring the cyber security and information security of our products and systems. Without user authorization, we do not collect any private or sensitive data. We are involved in constant improvement and improvement of our products to provide you with safer and more reliable solutions. In addition, we accept more advanced technical solutions to eliminate solutions in security. and care.”

The statement continues: “Thank you for the supervision and help in identifying the gaps in security. We work together to achieve progress in the field of intelligent robot safety.”

“Unitree, like other producers, simply ignored the previous disclosure of security and repetitive help attempts,” says Víctor Mayoral-Vilches, founder of robotics cybersecurity company Alias Robotics (via Spectrum). Mayoral-Vilches led a workshop this week at the IEEE Humanoids conference in Seoul entitled “Humanoid robots as attack vectors”, which is a truly terrifying idea.

If you are wondering where you know the name Unitree from, it has turned up for a few quite strange reasons over the past year. Here are just a few reasons:

I prefer when robots wear humorous clothes and fall over, instead of creating networks of walking hacking machines, but I don’t know about you.
