Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks.
A robot that can be hacked through Bluetooth
Their tests show that anyone within Bluetooth range can exploit the setup process to inject commands and gain root access, taking control of the robot. The problem lies in how the robot handles its setup process over Bluetooth Low Energy (BLE).
When the robot connects to Wi-Fi, it uses BLE to receive the network name and password. That channel fails to filter what users send it. All G1 units, and other models from the same company, share the same hardcoded AES encryption key, which makes this attack possible.
“Exploitation requires only BLE proximity and knowledge of these universal credentials, enabling remote code execution with root privileges through the provisioning daemon,” the researchers explained.
The researchers found that the flaw persists across multiple firmware versions they tested. Once access is gained, an attacker can keep control by changing credentials or adding remote accounts.
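The provisioning weakness above is an input-handling problem: Wi-Fi credentials arrive over BLE and are used without filtering. The following is an added example, not code from Unitree or from the Alias Robotics report, showing one way a provisioning daemon can accept an SSID and passphrase so that no sender-controlled character ever reaches a config file or command line. The function names and the choice of a wpa_supplicant network block as output are assumptions.

```python
import hashlib

# Hypothetical hardened handler for Wi-Fi credentials received over BLE.
# Names and output layout are assumptions made for this example.
MAX_SSID_OCTETS = 32        # IEEE 802.11 SSID length limit
PSK_MIN, PSK_MAX = 8, 63    # WPA2 passphrase length limits


class ProvisioningError(ValueError):
    """Raised when a provisioning message fails validation."""


def validate_credentials(ssid: bytes, passphrase: bytes) -> None:
    if not 1 <= len(ssid) <= MAX_SSID_OCTETS:
        raise ProvisioningError("SSID must be 1-32 octets")
    if not PSK_MIN <= len(passphrase) <= PSK_MAX:
        raise ProvisioningError("passphrase must be 8-63 characters")
    # WPA2 passphrases are printable ASCII (0x20-0x7e) only.
    if any(b < 0x20 or b > 0x7E for b in passphrase):
        raise ProvisioningError("passphrase contains non-printable bytes")


def build_network_block(ssid: bytes, passphrase: bytes) -> str:
    """Return a wpa_supplicant network block with hex-only field values.

    The SSID is written as an unquoted hex string and the passphrase is
    replaced by the derived 256-bit PSK (PBKDF2-HMAC-SHA1, 4096 rounds,
    SSID as salt), so quoting and escaping never come into play.
    """
    validate_credentials(ssid, passphrase)
    psk = hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)
    return (
        "network={\n"
        f"\tssid={ssid.hex()}\n"
        f"\tpsk={psk.hex()}\n"
        "\tkey_mgmt=WPA-PSK\n"
        "}\n"
    )


if __name__ == "__main__":
    # Constructed input containing characters a shell would interpret.
    print(build_network_block(b'lab"; echo x #', b"correct horse battery"))
```

The daemon would write this block to its configuration file directly; if a helper program must be started, it is invoked with an argument list rather than through a shell.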
Weak encryption opens the door
Researchers also examined the encryption system that protects the robot’s configuration files. It uses two layers of protection, but both show critical weaknesses.
The outer layer relies on the Blowfish encryption algorithm in a basic mode that repeats patterns, which is known to be insecure. Every Unitree G1 robot uses the same 128-bit encryption key, meaning that once one device is decrypted, all others can be as well. That key was recovered directly from the robot’s software.
The inner layer adds a simple mathematical transformation based on a Linear Congruential Generator (LCG), a predictable sequence of numbers often used in basic random number functions. The algorithm was reconstructed, but the exact seed used for each robot remains unknown. The limited 32-bit seed space makes brute-force attacks feasible.
Together, these weaknesses let anyone decrypt and read configuration files, which include service settings, process names, and network details. The result is a fleet of robots that share a single secret, offering no protection against targeted analysis or reverse engineering.
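A block cipher mode "that repeats patterns", as described for the outer layer, encrypts identical plaintext blocks to identical ciphertext blocks (electronic codebook, ECB, behaves this way). The added example below, which is not from the report, measures that property the way an auditor would on a ciphertext file and contrasts it with a chained mode. It uses a stand-in 64-bit Feistel cipher instead of Blowfish so it runs without third-party libraries; the key, IV and sample config are constructed.

```python
import hashlib
from collections import Counter

BLOCK = 8  # bytes; Blowfish also works on 64-bit blocks
SHARED_KEY = b"constructed-key!"  # constructed 128-bit key, same on every "device"
# Constructed config: 12 identical 8-byte records plus 2 distinct ones.
SAMPLE_CONFIG = b"svc=on;\n" * 12 + b"port=80\n" + b"mode=ab\n"


def _round(half: bytes, key: bytes, i: int) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def encrypt_block(block: bytes, key: bytes) -> bytes:
    """Stand-in Feistel cipher (NOT Blowfish), 8 rounds, 64-bit block."""
    left, right = block[:4], block[4:]
    for i in range(8):
        mixed = bytes(a ^ b for a, b in zip(left, _round(right, key, i)))
        left, right = right, mixed
    return left + right


def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    """Each block is encrypted independently: equal input, equal output."""
    return b"".join(encrypt_block(data[i:i + BLOCK], key)
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = encrypt_block(mixed, key)
        out.append(prev)
    return b"".join(out)


def repeated_block_ratio(ciphertext: bytes) -> float:
    """Fraction of ciphertext blocks whose value occurs more than once."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)


if __name__ == "__main__":
    print("ECB:", repeated_block_ratio(ecb_encrypt(SAMPLE_CONFIG, SHARED_KEY)))
    print("CBC:", repeated_block_ratio(cbc_encrypt(SAMPLE_CONFIG, SHARED_KEY, b"\x01" * 8)))
```

A high ratio on a structured file is a quick sign that the mode leaks layout; with a fleet-wide key, identical configuration on two devices also produces byte-identical ciphertext.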
Data leaves without permission
Analysis of network traffic shows that the G1 continuously transmits data to servers located in China. The data includes battery status, joint torque, motion state, and sensor information from cameras, microphones, and internal services.
Every five minutes, the robot sends JSON packets to two addresses on port 17883. These transmissions happen automatically and reconnect if interrupted. Another process maintains a live WebSocket session with a third server, using an SSL channel without certificate verification. This allows continuous message exchange that could include text or voice data.
Users are not told about any of these transfers. No visible indicators or consent mechanisms exist. In Europe, such behavior violates data protection rules under GDPR Articles 6 and 13. In the United States, it conflicts with California privacy laws that require an option to opt out of such tracking.
A system with many open doors
The internal structure of the robot includes several communication systems. Some, like DDS and RTPS, handle messages between sensors and actuators. Others, like MQTT and WebRTC, link to cloud services for updates and remote control. The researchers found that the DDS traffic is unencrypted, meaning anyone on the same local network can listen in.
TLS certificate checks are disabled in the WebRTC client, allowing anyone with network access to impersonate legitimate services. Combined with the Bluetooth flaw and weak encryption, the communication design exposes multiple paths for attackers to move from one system to another.
Robots that can spy
To demonstrate the impact of these issues, researchers presented two case studies. The first shows how a humanoid robot can act as a surveillance device without the owner’s knowledge. When powered on, the G1 connects automatically to the telemetry servers and starts transmitting its internal state within seconds.
Captured samples show that the robot sends audio from its microphones, video from its cameras, and spatial data from its LIDAR and GPS modules. The findings suggest that this data could be used for covert monitoring, facility mapping, or corporate espionage. A robot placed inside an office or lab could silently collect information and send it abroad.
Robots that attack
The second case study tested whether the robot can launch attacks autonomously. A Cybersecurity AI framework, known as CAI, was installed on the robot’s processor. CAI performs reconnaissance, vulnerability scanning, and exploitation planning. It identifies open communication channels and confirms that it can inject commands through the same Bluetooth flaw.
During tests, CAI explored MQTT and WebRTC paths and found ways to manipulate over-the-air update mechanisms. It prepared attack sequences but stopped short of executing them to stay within ethical boundaries. The experiment shows that the robot can be used as a platform for offensive cyber operations. Once compromised, it can move from data collection to intrusion against other systems on the same network.
The study concludes that this dual role, as a surveillance device and an attack vector, makes humanoid robots a unique cybersecurity concern.
Lessons for the industry
Researchers argue that the industry needs a new approach to robot security. Static defenses and manual audits are not enough when robots combine software, sensors, and connectivity. They call for adaptive security systems powered by Cybersecurity AI that can detect and counter attacks automatically.
“Our discoveries are disruptive because they anticipate the future of this new data-hungry robotics: a generation of technological Trojan horses that will enter our homes, factories, and public spaces to solve specific problems, but at the cost of our privacy and fundamental rights. This scenario demands verifiable corrections and immediate regulatory oversight,” said Víctor Mayoral-Vilches, founder of Alias Robotics.