Security vulnerabilities in robot dog Unitree Go1 enable takeover

The Unitree Go1 suffers security vulnerabilities allowing the device to be hijacked remotely. One of those vulnerabilities has been fixed, but a second remains.

There are two security gaps in the popular, low-cost robot dog Unitree Go1. Attackers could use them to take over the robot and control it remotely. For some purposes, such as military applications, this would be fatal.

The Go1 is a popular four-legged robot thanks to its low price, which starts at around 2700 US dollars, and it is often used for research. The military has also recognized its value: the U.S. Marine Corps equipped the robot with a machine gun on a trial basis in 2023, to fight armored vehicles from a distance and to use it in urban areas for local and house-to-house combat.

The Go1 uses a Raspberry Pi for part of the robot's control. At boot, an autostart entry establishes a connection to the remote maintenance service Cloudsail. Anyone who knows the manufacturer's API key can use it to access the robot. This backdoor can be used to take control of the robot, as a security specialist shows in a video on GitHub. Owners of the Go1 are unaware of this undocumented, active remote maintenance service. The vulnerability (CVE-2023-2894) is classified as “medium” with a severity score of 6.6, which puts it close to the high severity level of 7.

A security researcher drew attention to this vulnerability via X back in December 2023. Unitree reacted very late and withdrew the API key more than a year later. However, security specialists from the Austin Hackers Association (AHA) recommend switching off the Cloudsail service on the Go1 completely, because the Raspberry Pi can be accessed via another backdoor: login is possible with the username “pi” and the password “123”, both of which are generally known. Changing the credentials as a workaround is of little help. Doing so is likely to cause some scripts on the robot dog that rely on the password to fail, and the Go1 then does not work properly.

So far, the problem has only been demonstrated for the Unitree Go1 robot dog. Unitree has already launched the successor, the Go2. It is not yet known whether this robot has the same issues.

(olb)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.