In September 2025, a researcher raised the alarm concerning security risks in Unitree robots. ZHAW and other institutions have acquired one of these robots. Robotics expert Jorge Pena Queralta explains why our research robot is still secure.
The initiative ZHAW digital purchased a humanoid robot to enable researchers from all ZHAW departments to advance research related to physical AI. With the robot, new applications are being tested, interdisciplinary exchange is being promoted and socially relevant questions about the role of embodied intelligence are being discussed.
| What is physical AI? “Physical AI lets autonomous systems like robots, self-driving cars, and smart spaces perceive, understand, and perform complex actions in the real (physical) world.” (NVIDIA Glossary) |
Jorge, which security risks were found and what happened after the paper was published?
The authors of the paper, whom I know, found a vulnerability in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface. This means that if a hacker were in the same room with a robot whose Bluetooth was switched on, they could potentially take over the control of the robot. As our robot is a research robot and we do not use Bluetooth at all, this vulnerability does not affect us. If it were an end-product in people’s home, the situation would look much different. This time, the Chinese company Unitree recognised their mistake and promised to fix it.
You say that our robot is a research robot – what does that mean?
The robot is an education version. This means that it is designed in a way to be easily accessible to experiment with it in teaching and research. The edu-version of the robot has not only one computer, but an additional one, which we can fully access. The Bluetooth would be used when pairing the robot with a phone app to control it. The Edu version can be controlled fully with a remote over the extra computer. What I want to point out however is that the researcher still has the responsibility to make sure it is secure and for example change the default password.
We do not use the Bluetooth port, but it is still built into the robot. Can we do something about that?
We could either remove the hardware or we could try to hack into the robot ourselves and disable the software.
The robot was produced in China, is there a possibility that it sends data to China?
If the robot is not connected to the Internet – and our research robot isn’t, then it cannot send data. But if someone uses the robot paired with a phone app, then data could be sent. I think that in the future, when the robots are sold commercially, this could be problematic.
In this regard, robots are not much different than drones, phone apps or other smart devices that stream their data to the US, China or wherever the company is located. The question is not whether the devices send data, but whether the companies disclose it and whether the consumer read the terms and conditions. In some cases, the user can opt out and disable for example the location tracking.
What are other potential risks in terms of cybersecurity in KAI?
As our humanoid robot is a research robot, the ethernet ports could be opened physically. So, if someone with malintent wants to hack it physically that would be possible – but we do not leave the robot alone and safely store it.
How secure are robots in general?
Cybersecurity in general is a big issue with robots, but also with cars and other applications. Unlike the Unitree G1, the Unitree dog for example has an ultra-wideband radio that is used for the “follow me mode”. It is the same technology as in cars and if it is not encrypted it can be hacked. With an amplifier the signal can be intersected, and someone could remotely operate the car, or the dog. It is possible to turn off the radio, when the follow me mode is not needed. In industrial settings the environment is very controlled, but it can prove dangerous for consumer products. In one’s home, a robot or device needs to be fully secure.
What can we do to make our devices more secure?
We need to be aware where vulnerabilities lie and raise awareness. Whenever we use apps, there is the possibility that we share data. Whenever we use an insecure network there is the possibility we can be hacked easily. We must take care to change for example the password of our router and Wi-Fi. We also need to keep in mind that today also non-experts can hack homes by using AI.
