Critical Security Vulnerability Discovered in Unitree Go1 Robots

CyberSecureFox 🦊

Security researchers at thinkAwesome GmbH have uncovered a severe security vulnerability in the widely deployed Unitree Go1 robotic systems. The investigation revealed an undocumented tunnel service pre-installed on these devices, potentially allowing unauthorized remote access and control of the robots.

Technical Analysis of the Security Breach

The vulnerability stems from a Raspberry Pi-based control system that automatically starts a proprietary tunneling service called CloudSail (Zhexi) as soon as the device connects to the internet. This service, developed by Zhexi Technology for the Chinese market, contains default credentials (pi/123) and an API key that could grant attackers full device control. The service’s primary function is to facilitate NAT traversal and remote access to IoT devices, but its undocumented presence creates significant security implications.

Global Impact and Security Implications

Security researchers have identified 1,919 potentially vulnerable Unitree Go1 devices worldwide. Of particular concern is the presence of these robots in academic institutions across multiple countries, including the United States, Canada, Germany, New Zealand, Australia, and Japan. The vulnerability’s severity is amplified by the robots’ deployment in critical settings such as search and rescue operations and military applications.

Vulnerability Assessment and Risk Analysis

The discovered backdoor presents multiple attack vectors that malicious actors could exploit. Potential threats include unauthorized access to onboard cameras, remote control capabilities, and possible network infiltration. The default credentials and API key implementation represent a significant departure from cybersecurity best practices, particularly concerning IoT device security standards.

Security Mitigation Strategies

Organizations and individuals operating Unitree Go1 robots should implement the following security measures:
– Immediately disconnect affected devices from network access
– Conduct comprehensive system log audits for potential compromise
– Implement network segmentation for robotic systems
– Deploy robust access control mechanisms
– Monitor for unauthorized access attempts
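
As an added example (not from the original article or the researchers), the log-audit and monitoring steps above can be sketched for the default `pi` account on the robot's Raspberry Pi. It assumes the Pi runs OpenSSH with standard sshd auth-log lines and that a session forwarded by a local tunnel client would show a loopback source; the function name, subnet, hostname and log lines are constructed.

```python
import ipaddress
import re

# OpenSSH sshd result lines, e.g. "sshd[812]: Accepted password for pi from 192.0.2.7 port 50022 ssh2"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit_logins(lines, trusted_cidrs, account="pi"):
    """Return (line_no, reason, method, source) for logins worth reviewing."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = SSHD_RE.search(line)
        if not m or m["user"] != account:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            loopback = src.is_loopback
            inside = any(src in net for net in trusted)
        except ValueError:  # sshd logged a hostname, not an address
            loopback, inside = False, False
        reason = None
        if m["result"] == "Accepted":
            if loopback:  # assumption: a tunnelled session appears local
                reason = "accepted-via-loopback"
            elif not inside:
                reason = "accepted-from-untrusted"
            elif m["method"] == "password":  # password auth still in use
                reason = "accepted-password-login"
        elif loopback or not inside:
            reason = "failed-from-untrusted"
        if reason:
            findings.append((line_no, reason, m["method"], m["src"]))
    return findings

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE_LOG = [
    "Mar  3 09:12:01 raspberrypi sshd[701]: Accepted publickey for pi from 10.20.0.15 port 40112 ssh2",
    "Mar  3 09:40:17 raspberrypi sshd[733]: Accepted password for pi from 10.20.0.22 port 40990 ssh2",
    "Mar  3 11:02:44 raspberrypi sshd[802]: Failed password for pi from 203.0.113.45 port 50100 ssh2",
    "Mar  3 11:03:10 raspberrypi sshd[812]: Accepted password for pi from 127.0.0.1 port 38214 ssh2",
    "Mar  3 11:20:55 raspberrypi sshd[840]: Accepted password for pi from 198.51.100.9 port 51822 ssh2",
    "Mar  3 11:21:30 raspberrypi sshd[845]: Failed password for invalid user admin from 203.0.113.45 port 50102 ssh2",
]
TRUSTED = ["10.20.0.0/24"]  # assumption: the operator's management subnet

if __name__ == "__main__":
    print(*audit_logins(SAMPLE_LOG, TRUSTED), sep="\n")
```

Any accepted login reported here is a reason to treat the device as potentially compromised and to rotate the `pi` password before reconnecting it.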

This security incident highlights the critical importance of thorough security audits in robotics systems, particularly those deployed in sensitive environments. While the backdoor’s presence appears to be an oversight rather than malicious intent, it underscores the growing need for enhanced security protocols in the rapidly evolving robotics sector. The potential presence of similar vulnerabilities in the newer Go2 model further emphasizes the importance of comprehensive security assessments before deploying robotic systems in critical environments.
