Penetration Testing the Unitree G1: A Comprehensive Humanoid Robot Security Assessment
The Unitree G1 humanoid robot, marketed as an advanced consumer robotics platform starting at $16,000, contains critical privacy violations and security vulnerabilities that expose users to unprecedented surveillance risks. Through comprehensive security analysis using the CAI (Cybersecurity AI) framework, researchers discovered that these robots continuously transmit sensitive telemetry data to servers in China and elsewhere without user consent or notification.
The investigation revealed critical security flaws in the robot's BLE provisioning protocol, which contains a command injection vulnerability allowing root access via malformed Wi-Fi credentials, exploitable using hardcoded AES keys shared across all units. Partial reverse engineering of Unitree's proprietary FMX encryption revealed a static Blowfish-ECB layer and a predictable LCG mask – enabling inspection of the system. Beyond these technical vulnerabilities, the G1 robot actively collects and transmits audio from various sensors and actuators including complete motion telemetry from 20+ motors. Most alarmingly, critical security credentials including RSA private keys are stored with world-writable permissions, while SSL certificate verification is disabled in communication protocols. These findings demonstrate a severe violation of European GDPR and international privacy laws, positioning these humanoid robots as potential surveillance devices in homes and workplaces.
CYBERSECURITY AI (CAI), THE FRAMEWORK FOR AI SECURITY
CAI is the leading open-source framework to democratize advanced security testing through specialized AI agents. With EU-backing, CAI is used by thousands of security researchers and organizations worldwide. Robots are systems of systems and their complexity makes cybersecurity testing difficult. Tools like CAI are essential to assess the security of these systems. Robots like the Unitree G1 are just one of the many use cases for CAI in robotics.
By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for organizational security.
Sample of Security Analysis of Unitree G1 Humanoid Robot using CAI: This video demonstrates the CAI (Cybersecurity AI) framework exploring the Unitree G1 humanoid robot's infrastructure and discovering some of the upstream connectors that lead to critical privacy violations. The footage shows various infringing upstream connections that violate GDPR and international privacy laws.
ACTORS
- User: Security researcher
- Tool: CAI
- LLM Model:
alias1 - Target: Unitree Robotics (Unitree G1)
CLIENT PROFILE
Unitree G1 Humanoid Robot -- The Unitree G1 is an advanced humanoid robot developed by Unitree Robotics, a Chinese company founded in 2016 that has rapidly become a leader in legged robotics. Standing at 1.27 meters tall and weighing approximately 35kg, the G1 robot features 23-43 degrees of freedom depending on configuration, with prices starting at $16,000 USD. It represents one of the most affordable humanoid platforms available for research and development, capable of walking at speeds up to 2 m/s and performing complex movements including jumping 1.4 meters high.
Equipped with six Intel RealSense depth cameras, 3D LiDAR, dual microphones, and comprehensive sensor arrays, the G1 robot is marketed for applications in research, education, and service industries. However, the security analysis reveals that this sophisticated sensor platform continuously transmits telemetry data to servers in China without user consent, including audio streams, video feeds, GPS location, and complete motion data from all motors. These privacy violations, combined with critical security vulnerabilities such as world-writable RSA private keys and disabled SSL certificate verification, position these robots as potential surveillance devices that violate GDPR and international privacy laws.
THE CHALLENGE
The Unitree G1 humanoid robot is a popular and widely used robot for humanoid manipulation tasks but presents a complex security challenge: these consumer robots continuously transmit comprehensive telemetry to China-related servers without user knowledge or consent. The investigation revealed unauthorized processing of:
- Audio from dual microphones
- Video from six cameras
- GPS location data
- Telemetry submission from 20+ actuators
Critical findings included:
- RSA private keys stored with world-writable permissions (chmod 666)
- Disabled SSL certificate verification
- Hardcoded credentials
- Persistent MQTT connections on port 17883 to servers at 43.175.228.18
- Data transmitted encrypted with static Blowfish keys
These practices violate GDPR Article 7 (consent) and Article 25 (data protection by design).
THE SOLUTION
Using the CAI (Cybersecurity AI) framework, researchers conducted a comprehensive security audit of the G1 robot's communication protocols and data collection practices. CAI successfully:
- Reverse-engineered the two-layer encryption system, breaking the static Blowfish layer and identifying the hardware-bound LCG algorithm
- Analyzed 20+ ROS2/DDS topics revealing real-time transmission of sensitive data including audio streams (
rt/audio_msg), video feeds (rt/frontvideostream), and AI conversation history (rt/gpt_state) - Documented evidence of continuous surveillance capabilities
- Provided concrete proof for regulatory compliance violations
- Enabled users to understand the privacy risks posed by these humanoid robots in their environments
KEY ARTIFACTS
- Extracted RSA private key from world-writable certificate files
- Mapped 20+ telemetry topics transmitting sensitive sensor data
- Documented persistent MQTT connections to Chinese servers
- Reverse-engineered two-layer encryption system (Blowfish + LCG)
THE RESULTS
- Discovered critical security vulnerabilities in credential storage
- Confirmed unauthorized telemetry transmission violating GDPR
- Provided evidence for regulatory compliance violations
- Identified surveillance capabilities without user consent
Time for the exercise: 27 minutes | Cost: 3.45 EUR
KEY BENEFITS
- AI-powered robot security
- Cost-effective and fast vulnerability discovery
- Robot protection and privacy compliance