A critical vulnerability in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface used by several different Unitree robots can result in a root-level takeover by an attacker, security researchers disclosed on 20 September.

The exploit impacts Unitree’s Go2 and B2 quadrupeds and G1 and H1 humanoids. Because the vulnerability is wireless, and the resulting access to the affected platform is complete, the vulnerability becomes wormable, say the researchers, meaning “an infected robot can simply scan for other Unitree robots in BLE range and automatically compromise them, creating a robot botnet that spreads without user intervention.”