Security researchers say G1 humanoid robots are secretly sending information to China and can easily be hacked
Source: TechXplore
Researchers have uncovered serious security flaws with the Unitree G1 humanoid robot, a machine that is already being used in laboratories and some police departments. They discovered that G1 can be used for covert surveillance and could potentially launch a full-scale cyberattack on networks.
[.....]
In a new study available on the arXiv preprint server, cybersecurity experts from Alias Robotics describe how they performed a digital audit on G1, reverse-engineering its internal software and eavesdropping on its internal communications to identify critical weaknesses.
One of the most serious flaws was in its Bluetooth Low Energy (BLE) setup for connecting to Wi-Fi, a system used by many consumer robots. The study found that the encryption protecting this process was incredibly weak and easily broken. It relies on a single, secret digital key hidden inside every Unitree robot, and simply encrypting the word "unitree" with a hardcoded key was enough to bypass security and gain control of the robot's entire system. This means a hacker could easily take it over and inject malicious commands to crash it or make it attack other devices.
Equally concerning was that G1 acts as a Trojan horse, secretly and continually sending data to servers in China every five minutes, without users knowing about it. The team also showed the G1's onboard computer could be repurposed for offensive operations. Additionally, the robot's custom encryption method to protect its internal configuration files is fundamentally flawed because it uses a simple, static key that's the same on every robot. Therefore, if a hacker were able to break the lock on one robot, they could break the locks on all of them.
Read more: https://techxplore.com/news/2025-09-g1-humanoid-robots-secretly-china.html

markodochartaigh
(4,230 posts)
is a Unitree G1 humanoid robot? Is that what JD Vance is?

NBachers
(18,926 posts)

markodochartaigh
(4,230 posts)
They look much more useful than JD Vance.

Roy Rolling
(7,324 posts)
Without a full scale security audit first? Dumbass companies, risking more than their bottom line introducing these flawed machines among peaceful society.

JoseBalow
(8,535 posts)

C Moon
(13,222 posts)

Javaman
(64,577 posts)
it's reached the point of ridiculous stupidity.