Full Report
Embodied AI, intelligent systems in physical forms such as humanoid and quadruped robots, is moving from spectacle to staffing plans.
Analysis Summary
# Vulnerability: Unitree Robotics Bluetooth Command Propagation & Data Exfiltration
## CVE Details
- **CVE ID**: CVE-2024-34045 (Mapped via Figure 1)
- **CVSS Score**: 9.6 (Critical)
- **CWE**: CWE-294 (Authentication Bypass by Capture-replay) / CWE-319 (Cleartext Transmission of Sensitive Information)
## Affected Systems
- **Products**: Unitree Humanoid and Quadruped Robots
- **Versions**: Unitree G1, Unitree Go1, and Unitree Go2
- **Configurations**: Systems utilizing default factory settings for Bluetooth pairing and cloud telemetry; robots operating in dense fleets within proximity of one another.
## Vulnerability Description
The vulnerability stems from an insecure implementation of the Bluetooth Low Energy (BLE) communication protocol and hardcoded telemetry configurations.
1. **Bluetooth Hijacking & Worm-like Propagation**: Researchers identified that commands can be injected via Bluetooth without proper authentication. Due to the lack of signal isolation, a compromised robot can propagate these malicious commands wirelessly to any other vulnerable unit within a ten-meter radius, effectively creating a "physical botnet."
2. **Insecure Data Exfiltration**: The systems are configured to covertly exfiltrate high-fidelity audio, video, GPS, and spatial mapping data (LIDAR) to remote servers (specifically identified as being located in China) without encryption or user consent.
## Exploitation
- **Status**: PoC available; evidence of exploitation in simulated industrial environments and active research demonstrations.
- **Complexity**: Low
- **Attack Vector**: Adjacent (Bluetooth range/Wireless) and Network (Cloud telemetry hijack).
## Impact
- **Confidentiality**: High (Continuous exfiltration of environmental audio, video, and internal facility maps).
- **Integrity**: High (Unauthorized physical movement and actuation; ability to bypass restricted zone boundaries).
- **Availability**: High (Robots can be rendered inoperable, "bricked," or forced offline for remediation).
## Remediation
### Patches
- **Firmware Update**: Users are advised to check with Unitree for the latest firmware updates that implement BLE pairing authentication.
- **Protocol Hardening**: Disable legacy unauthenticated Bluetooth protocols where applicable.
### Workarounds
- **Network Segmentation**: Isolate robots on a dedicated VLAN with no internet access to prevent telemetry exfiltration.
- **Physical Mitigation**: Disable Bluetooth radios if remote wireless control is not required for operations.
- **RF Shielding**: Implement "no-robot zones" using signal jamming or shielding to prevent command propagation in sensitive areas.
## Detection
- **Indicators of Compromise**:
  - Unexpected outbound traffic to non-corporate IP addresses (specifically associated with Asian cloud providers).
  - High data exfiltration rates (measured in Mbps) occurring while the robot is idling.
- **Detection Methods**: Monitor for unauthorized Bluetooth pairing attempts, and use Network Detection and Response (NDR) tooling to flag anomalous UDP/TCP traffic originating from robotic endpoints.
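As an added example (not code from the report, Recorded Future or Unitree), the two indicators above expressed as a check over NetFlow-style records from the robot VLAN, using a destination allow-list instead of geolocation; the VLAN, allowed destinations, idle-rate threshold and sample flows are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: the dedicated robot VLAN and the only destinations it may reach
ROBOT_VLAN = ip_network("10.42.0.0/24")
ALLOWED_DESTINATIONS = [ip_network("10.42.0.0/24"),   # peers on the robot VLAN
                        ip_network("10.10.5.0/24")]   # fleet controller / NTP
IDLE_RATE_THRESHOLD_BPS = 100_000  # 0.1 Mbps: an idle robot should be near-silent


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    bytes_out: int
    duration_s: float
    robot_idle: bool  # joined from the robot's own state/telemetry feed


def classify(flow: Flow) -> list[str]:
    """Return the indicator labels a single flow matches (empty = benign)."""
    hits: list[str] = []
    if ip_address(flow.src) not in ROBOT_VLAN:
        return hits  # only robot endpoints are in scope
    dst = ip_address(flow.dst)
    if not any(dst in net for net in ALLOWED_DESTINATIONS):
        hits.append("non-corporate-destination")
    rate_bps = flow.bytes_out * 8 / max(flow.duration_s, 1e-6)
    if flow.robot_idle and rate_bps > IDLE_RATE_THRESHOLD_BPS:
        hits.append("high-rate-while-idle")
    return hits


def triage(flows: list[Flow]) -> dict[str, list[str]]:
    """Map each flagged robot address to the distinct indicators it tripped."""
    findings: dict[str, list[str]] = {}
    for flow in flows:
        for label in classify(flow):
            bucket = findings.setdefault(flow.src, [])
            if label not in bucket:
                bucket.append(label)
    return findings


# Constructed sample flows (TEST-NET addresses, not real telemetry)
SAMPLE_FLOWS = [
    Flow("10.42.0.7", "10.10.5.20", "udp", 4_000, 60, True),         # heartbeat to controller
    Flow("10.42.0.7", "203.0.113.9", "tcp", 45_000_000, 60, True),   # 6 Mbps to unknown host while idle
    Flow("10.42.0.9", "198.51.100.4", "udp", 900, 60, False),        # tiny flow to unknown host, active
    Flow("10.10.5.20", "203.0.113.9", "tcp", 9_000_000, 60, False),  # not a robot, out of scope
]
```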
## References
- **Vendor Advisory**: hxxps[://]www[.]recordedfuture[.]com/research/hacking-embodied-ai
- **Technical Deep-Dive**: hxxps[://]github[.]com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf
- **Academic Research**: hxxps[://]arxiv[.]org/pdf/2509.14139