Unitree Robots Vulnerable to Remote Code Execution
A significant security vulnerability has been discovered in Unitree’s popular line of robots, including the G1, H1, GO1, B2, and R1 models. The flaw allows for remote code execution (RCE), enabling unauthorized individuals to gain root access to the robots’ main boards, even without physical access or an active internet connection. This discovery raises serious concerns for owners and the broader robotics community.
The Bluetooth BLE Vulnerability
The core of the security issue lies in the robots’ Bluetooth Low Energy (BLE) functionality. According to security researchers, the BLE module on the main board is always active when the robot is powered on, and crucially, it uses hard-coded AES keys that are identical across the entire fleet of Unitree robots. This lack of unique encryption keys is a fundamental security misstep.
While the intended purpose of this BLE connection was limited to updating Wi-Fi credentials, researchers found that the Wi-Fi password field is not sanitized before it is handed to the system, so arbitrary terminal commands can be injected into it. When these credentials are submitted, the injected commands are executed with root privileges on the robot’s main board. This means an attacker within Bluetooth range could potentially take full control of the robot.
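To make the flaw concrete, here is an added example (hypothetical code, not Unitree’s firmware) of a BLE Wi-Fi provisioning handler written both ways: the unsafe pattern the article describes, where the submitted credentials are interpolated into a root shell command, and a hardened handler that validates the input against what 802.11 allows and writes the wpa_supplicant network block directly, so no shell is ever involved. The sample SSID and passwords are constructed for illustration.

```python
"""Hypothetical BLE Wi-Fi provisioning handler (added example, not Unitree's
code): the unsafe shell-string pattern next to a hardened replacement."""
import hashlib
import shlex

# Constructed sample inputs, as a BLE client might submit them.
GOOD = {"ssid": "lab-net", "password": "correct horse battery"}
BAD = {"ssid": "lab-net", "password": "x'; reboot #"}


def vulnerable_command(ssid: str, password: str) -> str:
    """Unsafe pattern: credentials interpolated into a command string that a
    root process hands to /bin/sh. Whatever the client sends is shell syntax."""
    return f"wpa_passphrase '{ssid}' '{password}' > /etc/wpa_supplicant.conf"


def shell_tokens(cmd: str) -> list:
    """Tokenise a command the way a POSIX shell would, to show where an input
    stops being an argument and becomes a second command."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


def validate_credentials(ssid: str, password: str) -> None:
    """Accept only what 802.11 allows: an SSID of 1-32 bytes and a WPA2
    passphrase of 8-63 printable ASCII characters. Anything else is refused."""
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if not (8 <= len(password) <= 63
            and all(0x20 <= ord(c) <= 0x7E for c in password)):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")


def wpa_psk(ssid: str, password: str) -> str:
    """PBKDF2-HMAC-SHA1 exactly as 802.11i specifies (what wpa_passphrase
    computes), done in-process so no external program is run."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(),
                               4096, 32).hex()


def hardened_network_block(ssid: str, password: str) -> str:
    """Build the wpa_supplicant network block directly. The SSID is written as
    hex and the PSK as the derived key, so neither value needs quoting and no
    shell ever sees it. A real handler would also run this without root."""
    validate_credentials(ssid, password)
    return "network={\n\tssid=%s\n\tpsk=%s\n}\n" % (
        ssid.encode().hex(), wpa_psk(ssid, password))
```

With the vulnerable builder, the constructed BAD password tokenises into a separate `reboot` command; with the hardened builder the same string passes validation as an ordinary passphrase and ends up only inside a PBKDF2 derivation.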
Demonstrating the Exploit
To prove the severity of this vulnerability, a demonstration was conducted using a Unitree G1 robot. The process involved using a tool called ‘unipone’ to exploit the BLE connection. The demonstration showed that by injecting a simple ‘reboot’ command through the Wi-Fi password field via Bluetooth, the robot could be remotely rebooted without any physical connection or internet access.
The demonstration highlighted several key points:
- The robot was powered on with no Ethernet cable plugged in and the remote control turned off.
- The exploit was initiated solely through the robot’s BLE interface.
- A ‘reboot’ command was successfully injected via the Wi-Fi password field.
- The robot subsequently rebooted, exhibiting signs of a system restart, including its characteristic boot-up hand sequence.
The implications of this are staggering. With root access, an attacker could theoretically perform any action on the robot, from bricking the device entirely to potentially causing physical harm, especially given the advanced capabilities of these robots.
Telemetry and Data Concerns
Beyond remote code execution, the research also raised concerns about persistent telemetry data. While Unitree’s official statement addressed these claims, suggesting that data is only collected with user authorization for specific functions and is similar to how smartphones operate, the demonstration cast doubt on the clarity and control users have over this process.
The demonstration showed that even without explicit user action to connect to the internet, the robot would attempt to establish connections and transmit data once configured to use a specific Wi-Fi network. This was achieved by setting up a rogue access point and then using the BLE exploit to force the robot to connect to it. The observed data transmission, while its exact content remains encrypted and unverified by external parties, suggests ongoing communication that users may not be fully aware of.
Unitree’s Response
Unitree has released a statement acknowledging the discovered security vulnerabilities and network-related issues. The company claims to have addressed the majority of these concerns and plans to roll out updates in the near future. However, the statement has been met with skepticism, particularly regarding the claim that robots are designed for offline use and only connect to the internet with manual configuration and authorization.
The demonstration suggests that the hard-coded AES keys remain a critical vulnerability, meaning that even with software updates, the fundamental weakness in BLE security could persist. Unitree’s response also seemed to downplay the RCE aspect, focusing more on telemetry concerns, which researchers argue is not the most critical issue.
Why This Matters
The discovery of these security flaws in Unitree robots has significant real-world implications:
- Safety Risks: The potential for remote code execution means that a compromised robot could be used to cause physical harm or damage.
- Data Privacy: Concerns about unauthorized data collection and transmission, even if anonymized, raise questions about user privacy.
- Intellectual Property: For researchers and developers using these robots as R&D platforms, a security breach could compromise their work.
- Trust in Robotics: Such vulnerabilities erode trust in the security of advanced robotic systems, potentially slowing down adoption in critical sectors.
The situation underscores the critical importance of robust cybersecurity measures in the development of AI and robotics. As robots become more integrated into our lives, ensuring their security and the privacy of their users must be a top priority for manufacturers.
Looking Ahead
The community awaits Unitree’s promised updates and further clarification on how they intend to address the fundamental issues, particularly the hard-coded AES keys. Until then, users are advised to be aware of the potential risks associated with their Unitree robots, especially concerning proximity to unknown Bluetooth devices.
Source: Unitree G1 Security Disaster (YouTube)