Unitree G1 humanoid robot security vulnerabilities and non-consentual telemetry (arxiv.org)

Researchers performed a systematic security assessment of the Unitree G1 humanoid and found it can act as both a covert surveillance node and an active cyber-operations platform. Initial access is achievable via the robot’s BLE provisioning protocol: a command‑injection flaw lets an attacker gain root by supplying malformed Wi‑Fi credentials, and exploitation is simplified by hardcoded AES keys shared across devices. Partial reverse engineering of Unitree’s FMX protection uncovered a static Blowfish‑ECB layer and a predictable LCG mask, which together weaken the encryption and permit deeper inspection of an otherwise relatively mature commercial robotics security stack. Empirical tests show the robot continuously exfiltrates multi‑modal sensor and service‑state telemetry to external HTTP endpoints every 300 seconds without operator notice, raising probable violations of GDPR transparency and lawful‑processing requirements. Beyond passive data leakage, the platform can host a resident “Cybersecurity AI” (CAI) agent that escalates from reconnaissance to offensive preparation — for example pivoting toward the manufacturer’s cloud control plane — demonstrating how humanoids can move from spying tools to active attack vectors. For the AI/ML and robotics communities this underscores the need to treat embodied agents as integrated cyber-physical threat surfaces: hardcoded keys, weak crypto modes, and insecure provisioning are systemic risks. The authors argue for adaptive, CAI‑aware defenses, stricter supply‑chain cryptography, secure provisioning protocols, and standards for physical–cyber convergence as humanoids enter critical infrastructure.