Unitree Robotics Addresses Robot Security Flaw, Update Imminent

On September 29, 2025, China’s Unitree Robotics issued a statement on X, responding to recent robot security concerns, confirming that most reported vulnerabilities and network issues have been fixed, with a software update set to roll out soon.

According to IEEE Spectrum, security researchers disclosed on September 20 that critical flaws in the Bluetooth Low Energy (BLE) Wi-Fi configuration interfaces of Unitree’s Go2 and B2 quadruped robots and G1 and H1 humanoid robots could allow wireless exploitation, enabling full control of affected units. The vulnerabilities also exhibit “worm-like” propagation, where infected robots autonomously scan and compromise other Unitree robots within Bluetooth range, potentially forming a botnet without human intervention.

Unitree clarified that its robots are designed for offline use by default, requiring manual user authorization for internet connectivity. When connected, robots transmit only basic data like serial numbers and health status to servers in Singapore or local regions, with a commitment to not collecting private or sensitive data without consent. The company pledged to enhance permission management to address misunderstandings.

This isn’t Unitree’s first security response. In July 2022 and September 2, 2025, it addressed prior incidents, including a case where hackers illegally accessed management keys for a third-party cloud tunnel service used by the discontinued Go1 robot (halted two years ago), tampering with data and gaining control. Subsequent models, unaffected, abandoned that service.

IEEE Spectrum noted that Unitree isn’t alone—similar vulnerabilities may exist in other complex robotic platforms. While robotics firms rarely discuss security publicly, uncontrolled robots pose real physical risks, underscoring the need for robust safeguards.