Concise Cyber


Unitree G1 Robot Vulnerability: Bluetooth Hack Exposes Data Sent to China

Cybersecurity researchers have discovered and documented a critical vulnerability in the Unitree G1 humanoid robot. The flaw, located in the robot’s Bluetooth Low Energy (BLE) protocol, allowed for unauthorized access and resulted in the confirmed exfiltration of sensitive data to servers located in China.

The security firm CyberSentry Labs published its findings after responsibly disclosing the issue to the manufacturer, Unitree. The research team demonstrated that attackers could intercept the data stream between the robot and its controller by exploiting the insecure Bluetooth connection.

Details of the BLE Exploitation

The investigation by CyberSentry Labs revealed that the Unitree G1’s BLE communication protocol lacked sufficient encryption and authentication mechanisms. This oversight enabled a man-in-the-middle (MitM) attack. During the documented exploit, researchers were able to capture and analyze data packets transmitted by the robot in plaintext. The absence of proper security handshakes meant the robot did not verify the identity of the device it was communicating with, leaving it open to interception.

Confirmed Data Exfiltration to China

Analysis of the intercepted traffic confirmed that operational data from the Unitree G1 was being routed to command-and-control servers with IP addresses geolocated within China. The compromised data packets included real-time sensor telemetry, movement logs, and environmental data collected by the robot’s onboard systems. CyberSentry Labs confirmed the successful data transfer and documented the destination servers in their report. Unitree was notified of the vulnerability and the data leak prior to the public release of these findings.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person’s work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
