Calm down everyone – Unitree’s recently discovered exploit will absolutely, definitely not give rise to the first robot-to-robot viral infection using Bluetooth

• UniPwn exploits Unitree robots, allowing remote root access via network services
• The vulnerability combines hardcoded keys, weak handshakes, and unsafe command execution
• Compromised devices could attempt lateral movement across nearby robots over wireless links

Security researchers Bin4ry^[1] and d0tslash have published a write-up on GitHub about an exploit named “UniPwn” which affects multiple Unitree product lines.

The vulnerability affects G1 humanoids, Go2, and B2 quadrupeds, and it can be used to escalate privileges to root.

It appears to chain together weaknesses that, when combined, permit remote command injection on affected devices.

How the vulnerability works and why it matters

The vulnerability set reportedly includes hardcoded cryptographic keys and a handshake that checks only for the string “unitree”, and also includes unsanitized user data concatenated into shell commands the system runs.

Those elements combine into an unusually straightforward path from a network packet to arbitrary code execution.

Because the exposed service accepts wireless connections, a compromised unit can receive commands and attempt to influence devices within radio range.

That changes the threat model from a single exploited device to potential lateral movement across nearby units.

The researchers say the exploit leverages a Bluetooth Low Energy and Wi-Fi configuration service.

This means a compromised unit can receive commands over wireless links and potentially attempt to influence devices within radio range.

The researchers describe parts of the UniPwn chain as “wormable”, meaning successful exploitation can allow malicious code to persist and attempt propagation, which raises the risk because it could permit automated spread between reachable devices.

Yet wormable behavior observed in tests does not guarantee rapid real-world propagation.

Real-world spread depends on device configuration, network segmentation, firmware diversity, physical proximity, vendor patching pace, and operator practices.

Controlled lab tests can show a capability, but field propagation will be shaped by those operational factors.

Thus, this first robot-to-robot viral infection remains unlikely, although manufacturers and operators would be unwise to treat this as a remote theoretical threat.

Independent research into jailbreaking LLM-powered robots increases the urgency of these technical findings.

A project known as RoboPAIR demonstrated that carefully crafted prompts can coerce robot controllers, including the Unitree Go2, to perform harmful actions.

Reported scenarios include converting robots into covert surveillance platforms and guiding them to place explosives.

The RoboPAIR team reported high success rates when it supplied the target robot’s API and formatted prompts that the API executed as code.

Combining LLM^[2] jailbreak techniques with low-level remote command injection expands the attack surface.

This is because a single compromise could both defeat model safeguards and execute arbitrary system commands.

Therefore, this disclosure should prompt immediate mitigation efforts, clearer vendor communication, and realistic threat modeling to avoid preventable harm.

The nature of this flaw is technically notable, and if weaponized, the consequences could be severe.

Via Toms Hardware^[3]

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!^[4][5]

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.^[6][7]

You might also like