Security researchers say G1 humanoid robots are secretly sending information to China and can easily be hacked
Researchers have uncovered serious security flaws with the Unitree G1 humanoid robot, a machine that is already being used in laboratories and some police departments. They discovered that G1 can be used for covert surveillance and could potentially launch a full-scale cyberattack on networks.
It sounds like the stuff of science fiction nightmares, robots that are secretly spying on you and could be controlled by remote hackers. However, the concern is real, as these types of robots are becoming increasingly common in homes, businesses, critical infrastructure and public spaces.
When robots go rogue
In a new study available on the arXiv preprint server, cybersecurity experts from Alias Robotics describe how they performed a digital audit on G1, reverse-engineering its internal software and eavesdropping on its internal communications to identify critical weaknesses.
One of the most serious flaws was in its Bluetooth Low Energy (BLE) setup for connecting to Wi-Fi, a system used by many consumer robots. The study found that the encryption protecting this process was incredibly weak and easily broken. It relies on a single, secret digital key hidden inside every Unitree robot, and simply encrypting the word “unitree” with a hardcoded key was enough to bypass security and gain control of the robot’s entire system. This means a hacker could easily take it over and inject malicious commands to crash it or make it attack other devices.
Equally concerning was that G1 acts as a Trojan horse, secretly and continually sending data to servers in China every five minutes, without users knowing about it. The team also showed the G1’s onboard computer could be repurposed for offensive operations. Additionally, the robot’s custom encryption method to protect its internal configuration files is fundamentally flawed because it uses a simple, static key that’s the same on every robot. Therefore, if a hacker were able to break the lock on one robot, they could break the locks on all of them.
The study underscores the pressing need to enhance the security of humanoid robots, particularly those employed in sensitive environments. As the researchers comment in their paper, this would involve a major change in how we think about security. “Our findings indicate that securing humanoid robots requires fundamental paradigm shifts toward adaptive cybersecurity AI frameworks capable of addressing the unique challenges inherent in physical-cyber convergence systems.”
The researchers attempted to warn Unitree about the flaws, but after some initial communication, they stopped receiving responses from the company. So they decided to go public with their findings.
Written for you by our author Paul Arnold, edited by Gaby Clark, and fact-checked and reviewed by Robert Egan—this article is the result of careful human work. We rely on readers like you to keep independent science journalism alive.
If this reporting matters to you,
please consider a donation (especially monthly).
You’ll get an ad-free account as a thank-you.
More information:
Víctor Mayoral-Vilches et al, Cybersecurity AI: Humanoid Robots as Attack Vectors, arXiv (2025). DOI: 10.48550/arxiv.2509.14139
arXiv
© 2025 Science X Network
Citation:
Security researchers say G1 humanoid robots are secretly sending information to China and can easily be hacked (2025, September 30)
retrieved 1 October 2025
from https://techxplore.com/news/2025-09-g1-humanoid-robots-secretly-china.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Comments are closed