Bluetooth Flaw Lets Hackers Take Over Unitree Humanoid Robots

Image by UnitreeRobotics, from Unsplash


  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

Security researchers disclosed on 20 September a critical vulnerability in the Bluetooth Low Energy (BLE) Wi-Fi setup used by several Unitree robots.

In a rush? Here are the quick facts:

  • Critical BLE flaw affects Unitree Go2, B2, G1, and H1 robots.
  • Exploit allows root-level takeover and can spread between robots wirelessly.
  • Hardcoded encryption keys let attackers inject malicious code via Wi-Fi setup.

The flaw affects the Go2 and B2 quadrupeds, as well as the G1 and H1 humanoids, and could allow attackers to take full control of the devices. Because the exploit is wireless, it is “wormable”: a single compromised robot can automatically spread the infection to nearby robots, creating a robot botnet, as explained by Spectrum, which first reported the news.

The exploit, named UniPwn, was discovered by Andreas Makris and Kevin Finisterre. “A simple attack might be just to reboot the robot, which we published as a proof of concept,” Makris explains, as reported by Spectrum.

“But an attacker could do much more sophisticated things: It would be possible to have a trojan implanted into your robot’s startup routine to exfiltrate data while disabling the ability to install new firmware without the user knowing. And as the vulnerability uses BLE, the robots can easily infect each other, and from there the attacker might have access to an army of robots,” Makris added.

UniPwn takes advantage of hardcoded encryption keys in BLE packets. Encrypting the string “unitree” with these keys allows attackers to run any code they want. Makris and Finisterre first reported the issue to Unitree in May, but after a limited response, they went public. “We have had some bad experiences communicating with them,” Makris said, as reported by Spectrum.

Unitree responded on LinkedIn, stating: “We immediately began addressing these concerns and have now completed the majority of the fixes. These updates will be rolled out to you in the near future.”

Spectrum reports that cybersecurity expert Víctor Mayoral-Vilches added: “Unitree, as other manufacturers do, has simply ignored prior security disclosures and repeated outreach attempts […] Robots are only safe if secure.”

The researchers advise users to connect to protected Wi-Fi networks and to disable Bluetooth until permanent security fixes become available from developers. The vulnerability highlights broader risks in commercial robotics, where high-profile hacks could have serious physical and reputational consequences.

Reddit Mods Push Back Against Ethan Klein Subpoenas

Image by Brett Jordan, from Pexels


  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

Moderators of a subreddit critical of YouTuber Ethan Klein are pushing back against subpoenas that would reveal their identities.

In a rush? Here are the quick facts:

  • Ethan Klein filed subpoenas to unmask Reddit moderators of r/h3snark.
  • Moderators’ lawyers warn revealing identities could put them in serious danger.
  • Klein publicly threatened to find moderators’ personal information and IP addresses.

The moderators’ lawyers argue that revealing their identities would put them at serious risk. “These worries extend to all family and friends connected to Does. Does fear their professional lives being ruined, potential sexual violence, extortion, fans showing up to their home, and endless years of harassment due to Ethan’s prolific lies surrounding them,” the filing said, as reported by 404Media.

Klein has publicly warned the moderators, saying on a podcast, “Listen, guys, at this point you [r/h3snark mods] are totally fucked… We’re going to get your IP address and find your information,” reported 404Media.

He also said, “If there’s any justice in the world [the h3snark mods] will lose everything that they care about and I will be the one who makes them lose those things […] through legal means. Through any legal means.”

The creators of the video claim that their use of the song falls under fair use provisions because they are using it for educational purposes and that their use does not harm the market value of the song.

They also contend that sharing reaction videos and hosting discussion threads about the song constitutes fair use, and does not violate copyright law. The filing added that unmasking the moderators could set a dangerous precedent for anonymous online speech, saying “Very few would-be commentators are prepared to bear costs of this magnitude […] That speech will disappear. But that is precisely what Ethan Klein wants.”

A judge has allowed the subpoenas to be filed, but the moderators’ motion to quash them is currently under review, raising questions about the balance between copyright enforcement and protecting anonymous online voices.
