Your Robot Could Be Hacked to Attack You: Unitree Humanoid Exploit Exposed
Cybersecurity group Darknavy demonstrated how to hack Unitree humanoid robots to perform physical attacks. Learn how these robots can infect others even without a network connection.
Cybersecurity isn't just about your passwords anymore; it's about your physical safety. Researchers from the Chinese cybersecurity group Darknavy recently demonstrated a method to compromise commercial humanoid robots, turning them from helpful assistants into potential threats in a matter of minutes.
The Infectious Robotic Worm
According to Yicaiglobal, the demonstration at GEEKcon in Shanghai utilized a commercially available Unitree robot. By exploiting a flaw in its internal AI agent, researchers didn't just take over one unit. They showed how the hijacked robot could use local wireless communication to infect nearby robots—even those not connected to any external network.
The robot was successfully commanded to physically strike a mannequin on stage, proving that digital exploits can lead to real-world violence.
From Data Theft to Physical Harm
For decades, the worst-case scenario for a hack was the loss of money or identity. However, as humanoid robots enter homes for elder care or domestic labor, the stakes change. A compromised robot could commit legitimate physical harm to innocent people. Beyond the home, such vulnerabilities could disrupt critical infrastructure or industrial labor operations if left unpatched.
Authors
Related Articles
A critical vulnerability in Starlette—downloaded 325 million times per week—puts millions of AI agent servers at risk, exposing stored credentials for email, databases, and third-party services.
GitHub confirmed hackers stole data from 3,800 internal repositories via a poisoned VS Code extension. Here's why developer tools are now the most dangerous attack surface in tech.
A Utah woman was sentenced to life in prison partly because of her Google searches and deleted texts. The Kouri Richins case reveals how digital footprints have become the courtroom's most reliable witness.
Dirty Frag gives low-privilege users root access on virtually every Linux distro. The exploit code leaked three days ago. Microsoft says attackers are already experimenting with it.
A critical vulnerability in Starlette—downloaded 325 million times per week—puts millions of AI agent servers at risk, exposing stored credentials for email, databases, and third-party services.
GitHub confirmed hackers stole data from 3,800 internal repositories via a poisoned VS Code extension. Here's why developer tools are now the most dangerous attack surface in tech.
A Utah woman was sentenced to life in prison partly because of her Google searches and deleted texts. The Kouri Richins case reveals how digital footprints have become the courtroom's most reliable witness.
Dirty Frag gives low-privilege users root access on virtually every Linux distro. The exploit code leaked three days ago. Microsoft says attackers are already experimenting with it.
Thoughts
Share your thoughts on this article
Sign in to join the conversation