Danny Weber
12:44 26-09-2025
Researchers detail UniPwn, a wormable flaw in Unitree Go2, B2, G1 robots: hardcoded BLE keys allow root takeover and botnets. Mitigations and vendor response.
Cybersecurity researchers have uncovered a serious flaw in Unitree robots that lets attackers seize full control of a device and effectively turn it into a zombie. The issue stems from the Wi‑Fi setup process over Bluetooth Low Energy (BLE): because encryption keys are hardcoded, a malicious actor can masquerade as a trusted device and push crafted data that the robot executes with root privileges.
Dubbed UniPwn, the vulnerability hits several popular Unitree models—the Go2 and B2 quadrupeds, as well as the G1 and H1 humanoids. The exploit can spread on its own: once compromised, a robot scans for nearby Unitree machines via BLE and can automatically infect them, forming a botnet. In their demonstration, the researchers limited the impact to a forced reboot, but they warned that more dangerous outcomes are plausible, including installing trojans, covert data exfiltration, and blocking updates.
The study’s authors, Andreas Makris and Kevin Finisterre, say they notified Unitree back in May 2025. They said the vendor neither fixed the issue nor maintained contact after July. Experts stress that vulnerabilities in robotics carry heightened risk because compromised machines can exert physical force—and Unitree’s relatively affordable robots are already embedded across various sectors, including sensitive ones.
Until a patch arrives, specialists recommend straightforward, practical steps: disable Bluetooth on the robot, place it on an isolated, secure Wi‑Fi network, and avoid connecting these devices to a shared segment. Longer term, the researchers argue Unitree needs to reestablish dialogue with the security community and address flaws promptly; otherwise, the risk level for users and robot operators will remain uncomfortably high.
In practice, such a weakness could affect both everyday consumers and industrial customers relying on these models. It also underscores the need for a faster, more transparent response to issues flagged by outside experts—before a contained problem turns into something bigger.