Researchers Identify 'UniPwn' Cybersecurity Flaw in Unitree Robots

11 HOURS AGO·UPDATED 11 HOURS AGO
Researchers Identify 'UniPwn' Cybersecurity Flaw in Unitree Robots
story
Above: Unitree humanoid robot at the World Smart Industry Expo in Chongqing, China on Sept. 7, 2025. Image copyright: He Penglei/China News Service/VCG/Getty Images

The Spin

Techno-skeptic narrative

Unitree’s humanoids aren’t just robots — they’re Wi Fi–connected spies in secret contact with China. They ship with factory-set keys and a Bluetooth flaw that lets attackers inject commands, gain root, worm to nearby units, and run a built-in AI to map networks. Despite receiving warnings from security researchers in May, Unitree has left these toy-like humanoids — including those used by China’s PLA — to function as covert surveillance devices and fully weaponizable cyber platforms.

arXiv.orgMario NawfalX

Techno-optimist narrative

With no American humanoids available, Chinese robots are the only option for developers to build advanced robotics software — and Unitree is proving they can be trusted. The company has quickly addressed recent vulnerabilities, rolled out fixes, and strengthened permission management, keeping robots offline by default and connecting only with user authorization. Far from being spy platforms, these robots are now secure, privacy-conscious, and fully under user control.

XX

Metaculus Prediction

Editor's Note

This story currently has limited coverage. We will continue to monitor all major outlets and update our reporting as additional information becomes available.

The Controversies

UNLIKELYLIKELY
Status:Open
Will China Surpass the US in AI?
Controversy

Articles on this story

Home
Bias SplitPublic FiguresControversies

Sign Up for Our Free Newsletters
Sign Up for Our Free Newsletters

Sign Up!
Sign Up Now!
AboutContact UsNewsletter ArchiveMedia
FAQGlossaryPrivacy Policy
© 2025 Improve the News Foundation. All rights reserved.Version 6.16.0

© 2025 Improve the News Foundation.

All rights reserved.

Version 6.16.0