Unitree Robotics, a leading Chinese robot manufacturer, announced it had shut down a third-party remote control service after discovering a security vulnerability that allowed unauthorized users to gain control of its Go1 robot dog and access its video cameras. The Hangzhou-based company identified a flaw that enabled hackers to obtain the management key for a third-party cloud tunnel service, which was used for remote control of the robot. Unitree responded swiftly, taking the service offline in late March, following reports by tech bloggers Andreas Makris and Kevin Finisterre.
The tunnel service, provided by Zhexi Cloud, enabled remote access to the Go1. The bloggers reported that nearly 2,000 institutions, including several US universities like MIT, Princeton, and Carnegie Mellon, had connected to it. Zhexi Cloud and its affiliate, Shanghai Beirui Information Technology, did not immediately comment on the matter. The bloggers criticized Unitree for pre-installing the tunnel service without informing customers, describing this practice as poor and potentially malicious.
In response, Unitree defended its actions, stating that all files related to the service were accessible to users, including information about the tunnel. The company emphasized that the Go1 robot is “completely offline by default” and that remote control features are standard in the robotics industry. The company also downplayed the significance of the vulnerability, noting that the Go1, which was released in 2021, had been discontinued for two years, and subsequent models have adopted more secure solutions.
Unitree’s robots have attracted significant attention in China’s robotics sector. At a business symposium hosted by Chinese President Xi Jinping earlier this year, founder Wang Xingxing was seen sitting among prominent tech executives. During a visit to Hangzhou by Hong Kong’s Chief Executive John Lee Ka-chiu last month, Wang revealed that Unitree is considering a potential listing in Hong Kong’s financial market.
READ MORE: