Recently, Unitree's Go1 robot dog was exposed to a security vulnerability, which caused an uproar in the technology circle. According to a report by Sina Technology on May 8, 2025, Unitree Technology announced the results of the investigation, saying that hackers illegally obtained the management key of the third-party cloud tunnel service used by Go1, and used the key to modify data and programs in the user's device with advanced privileges, so as to gain operational control of the user's device and be able to access the video stream, which seriously violated the privacy and security of customers. This incident not only panicked many Go1 robot dog users, but also sounded the alarm for the development of the entire robot industry. Below, China Exportsemi will conduct in-depth analysis and thinking on this matter.
Ⅰ The ins and outs of the incident and the technical analysis
As early as the 2022 GeekPwn competition, some bloggers revealed that Unitree Robot Dog GO1 had a security vulnerability of remote hijacking. At that time, Tencent's introduction to the project pointed out that within 60 seconds, the contestants could use the management key of Go1's third-party cloud tunnel service to hijack the control of the device by constructing a malicious URL to achieve remote dog walking operations on the target robot dog. In July 2023, the contestants exploited the design vulnerability "D0oT" of the UWB module packet to successfully hijack and control the Unitree robot dog GO1.
In this case, the hackers exploited a key vulnerability in the management key of a third-party cloud tunneling service. According to Unitree, the key is provided by a third-party cloud service provider, and the related services are also responsible for the third-party cloud tunnel service provider. Once the hacker obtains the key, it is like getting the "master key" to open the user's device, and can manipulate the robot dog at will without the user's knowledge, and obtain sensitive information such as video streams while it is working. This not only threatens the privacy and security of users, but also may lead to malicious interference in key tasks, causing irreparable losses.
Figure: Unitree Technology Go1 robot dog was exposed to a security vulnerability, which caused the technology circle to shake
Ⅱ Unitree's response measures
In the face of this severe security challenge, Unitree Technology has taken a series of countermeasures. On March 24, 2025, the company changed the management key of the tunnel service in a timely manner, and completely shut down the tunnel service with the above vulnerabilities on March 29. Judging from the timeline, Unitree's response speed is relatively fast, but looking back at similar security vulnerability exposure incidents in the past, such as the vulnerability revelation in the GeekPwn competition in 2022, and then another successful hijacking case in July 2023, people have to question Unitree's previous security attention and response mechanism.
According to Tencent, Go1's third-party cloud tunneling service is provided, stored, and verified by a third-party cloud service provider, Zhexi Cloud, which was launched on October 9, 2021, and is designed to allow users to remotely control and operate their own Go1 robots. However, such a serious vulnerability in such an important service also reflects the vulnerability of the entire robot industry chain in security control. Thankfully, Unitree said that the Go1 series was discontinued in March 2023, and the number of connected robot dogs affected by this vulnerability was extremely small, which somewhat mitigated the negative impact of the incident.
Ⅲ The security status quo and hidden concerns of the robot industry
1. Security breaches are frequent
In recent years, the robot industry has developed rapidly, and the application scenarios of robots have been expanding from industrial production to daily life services. However, security breaches are also a problem. According to relevant statistics, in the past three years alone, more than [X] cases of robot security vulnerabilities have been exposed worldwide, involving many well-known robot brands. These vulnerabilities are of various types, including remote code execution vulnerabilities, information disclosure vulnerabilities, and identity authentication vulnerabilities, which seriously threaten the normal use of bots and the security of user data.
2. Supply chain security risks
The Unitree Go1 robot dog incident highlights the severity of supply chain security issues. In the robot manufacturing process, many parts and software services rely on third-party suppliers. From chips and sensors to cloud services, operating systems, and more, there may be potential security risks in every link. Once the safety line of a link is breached, it may trigger a chain reaction and affect the safety performance of the entire robot. According to the data of market research institutions, at present, about [X]% of robot manufacturers have varying degrees of shortcomings in supply chain security management, which has laid a huge hidden danger for the safety development of the robot industry.
3. User Privacy Protection Challenges
The robot will collect a large amount of user data in the process of work, such as location information, environmental data, operation habits, etc. Once this data is obtained by hackers, the user's privacy will be seriously threatened. For example, in a smart home scenario, a home service robot may record sensitive information such as family members' daily activities and habits. If this information is leaked, it may cause users to suffer from precise online fraud, privacy infringement and other problems. According to the statistics of cybersecurity agencies, in the past year, there have been [X] number of user privacy leaks caused by bot security breaches, affecting more than [X] million users.
Ⅳ Deep reflection and outlook on the robot industry
1.Manufacturers' awareness of safety responsibility needs to be strengthened urgently
Robot manufacturers must recognize the importance of product safety and prioritize it on the same or higher level than product performance and functionality. In the product development stage, sufficient resources should be invested in security design and testing, and a sound security development process should be established. For example, code security audits and vulnerability scanning tools are used to discover and fix potential security vulnerabilities in a timely manner. At the same time, we will strengthen cooperation with network security companies, conduct security assessments and penetration tests on products on a regular basis, and improve product security protection capabilities.
2.Build a sound supply chain security management system
The entire robotics industry needs to work together to build a sound supply chain security management system. Manufacturers should conduct rigorous safety audits and assessments of their suppliers to ensure that the products and services they provide comply with relevant safety standards and specifications. Establish a supply chain security information sharing mechanism, timely report security vulnerabilities and threat intelligence, and jointly respond to security risks. In addition, promote the development of a unified robot supply chain security standards and certification system to ensure the safe development of the robot industry from the source.
3.Strengthen industry safety supervision and standard formulation
Government departments and industry associations should strengthen the safety supervision of the robot industry, and formulate and improve laws, regulations, standards and specifications related to robot safety. Clarify the rights and obligations of robot manufacturers, suppliers, users and other parties in terms of safety assurance, and provide clear guidance and specifications for the development of the industry. Strengthen the investigation and punishment of robot security incidents, increase the cost of violations, and urge enterprises to pay attention to product safety.
4.Improve user security awareness and protection capabilities
As robot users, users should also enhance their security awareness and protection capabilities. When purchasing robot products, we should pay attention to the safety performance of the product and the safety reputation of the manufacturer, and give priority to brands with good safety records. In the process of use, update the product firmware and software in a timely manner, avoid using default passwords, set complex account passwords, and change them regularly. For data involving personal privacy, it is necessary to be cautious in authorizing and avoid oversharing.
Ⅴ Conclusion
The security vulnerability incident of Unitree Go1 robot dog has sounded the alarm for us to the safety of the robot industry. Today, with the rapid development of robotics, safety has become a key factor restricting the further development of the industry. Only by working together of the whole industry to build a solid security line of defense from technology, management, law and other aspects can we ensure the healthy and sustainable development of the robot industry, so that robots can better serve human society instead of becoming a potential security threat. We expect Unitree Technology and the entire robot industry to take this as a reference, while pursuing technological innovation and market expansion, firmly adhere to the bottom line of safety, and provide users with convenient, efficient and safe intelligent robot products.
