Ammon News - Security researchers have uncovered a critical security flaw in the Bluetooth Low Energy (BLE) setup of Unitree Robotics’ humanoids and quadrupeds.
On September 20, 2025, cybersecurity experts Andreas Makris and Kevin Finisterre disclosed the UniPwn exploit, which affects the Unitree Go2 and B2 quadrupeds and the G1 and H1 humanoids. These robots are already being used in labs, universities, and some police departments.
Through this flaw, attackers can gain root-level access wirelessly and turn the robot into a node of a self-propagating botnet. In simpler terms, one infected robot can compromise other Unitree robots within range, creating a group of hacked robots and a dangerous situation.
Decoding the vulnerability
The security flaw stems from Unitree using BLE to simplify WiFi setup. Usually, users connect to a robot via Bluetooth during ongoing use and later switch to WiFi.
The researchers found that Unitree’s implementation relies on hardcoded encryption keys that had already been leaked online. Because the keys are hardcoded, every device looks identical from an attacker’s perspective.
That means a single exploit could compromise thousands of robots. For users, the difference only shows up later – through a hack, data leak, or malfunction.
What’s more, the G1 robot secretly sends data to servers in China every five minutes without notifying the user. Hackers can hijack its computer and turn it into a tool for cyberattacks.
In other words, what’s designed as a convenience feature can be exploited to attain complete control of the robot. Andreas Makris explained how an attack that looks simple could cause damage beyond imagination.
“A simple attack might be just to reboot the robot, which we published as a proof of concept. But an attacker could do much more sophisticated things,” he said while speaking to IEEE Spectrum.
An unsatisfactory response
Makris and Finisterre also expressed their disappointment over unsatisfactory communication with Unitree Robotics when they revealed this problem to the company.
“We have had some bad experiences communicating with them,” Makris told IEEE Spectrum, citing an earlier backdoor vulnerability he discovered with the Unitree Go1.
“So we need to ask ourselves—are they introducing vulnerabilities like this on purpose, or is it sloppy development? Both answers are equally bad,” he stated.
On September 29, Unitree posted a statement on LinkedIn addressing the security concerns:
“We have become aware that some users have discovered security vulnerabilities and network-related issues while using our robots,” the company wrote. “We immediately began addressing these concerns and have now completed the majority of the fixes. These updates will be rolled out to you in the near future.”
As a solution, Victor Mayoral-Vilches, founder of robotics cybersecurity company Alias Robotics, suggested that users should connect Unitree robots only using WiFi and turn off Bluetooth connectivity.
Food for thought
BLE missteps and hidden telemetry have plagued IoT devices for over a decade. The difference is that these flaws now sit inside robots powerful enough to enter labs, stations, and even homes.
G1 sending data every five minutes to China is also a notable cause of concern; however, data sharing is still expected by some users. To wrap it up, transparency and security aren’t optional extras, but mandatory practices that robotics companies need to prioritize.