From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots [video] (media.ccc.de)

Researchers Shipei Qu, Zikai Xu, and Xuangan Xiao conducted a thorough security assessment of Unitree's robotic ecosystem, uncovering significant vulnerabilities that could lead to remote takeovers of their humanoid robots. They exploited flaws across various communication channels—Bluetooth, LoRa radio, WebRTC, and cloud services—allowing them to achieve root-level remote code execution. Remarkably, they also performed prompt injection attacks on the robots' embodied AI agents, enabling them to bypass restrictions on robotic movements imposed by the vendor, particularly in the consumer model G1 AIR. This groundbreaking work underscores the pressing need for security measures in the rapidly evolving field of robotics. As robots become increasingly prevalent in everyday life, their interconnectedness with AI and cloud services exposes them to potential exploitation. The researchers' findings not only provide a roadmap for manufacturers to enhance design security but also equip researchers and consumers with essential insights to evaluate vulnerabilities in emerging robotic applications. The implications for the AI/ML community are profound, signaling an urgent call for a security-first approach to safeguard these advanced cyber-physical systems from malicious attacks.