When Robots Start Hacking Each Other: The Disastrous Threat No One Saw Coming

Security flaw lets one infected Unitree robot automatically compromise entire fleets via Bluetooth in hours

By Al Landes

Key Takeaways

  • Unitree robots automatically infect nearby compatible units through Bluetooth without human intervention
  • Compromised robots become weaponized surveillance platforms causing documented physical injuries to humans
  • Critical vulnerabilities remain unpatched months after public disclosure despite researcher warnings

A single compromised humanoid robot can now automatically infect every compatible unit within Bluetooth range—no human intervention required. This isn’t theoretical cybersecurity doom-scrolling; it’s documented reality affecting commercially deployed Unitree robots that researchers have turned into self-propagating robot botnets.

The Digital Zombie Scenario Is Already Here

The vulnerability spreads like a contagion through robot fleets, turning security breaches into self-replicating infections.

The vulnerability works like a contagion movie plot, except with metal and servos instead of flesh. One infected Unitree G1 humanoid scans its environment for peer robots via Bluetooth Low Energy, then exploits hardcoded encryption keys to compromise them automatically. Those newly infected units immediately begin scanning for their own targets, creating an exponential infection cascade through robot fleets.

Think of it as every lock in your city using the identical master key—except these locks can walk around and unlock each other. The architectural flaw affects Unitree’s “whole new generation product line,” according to researchers who discovered the exploit dubbed “UniPwn.”
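The shared-key problem described above, as an added illustration (not code from the article, the researchers, or Unitree): a constructed challenge-response check compares a fleet where every unit ships the same hardcoded key with one where each unit holds a key derived from a vendor-held master secret. All keys, serial numbers, and class and function names here are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed secrets for illustration only; not Unitree's keys or protocol.
FLEET_KEY = hashlib.sha256(b"constructed-shared-firmware-key").digest()
MASTER_SECRET = hashlib.sha256(b"constructed-vendor-master").digest()  # assumed to stay off-robot


def derive_device_key(master: bytes, serial: str) -> bytes:
    """HMAC-based per-device key; only this output is provisioned on the robot."""
    return hmac.new(master, b"pairing|" + serial.encode(), hashlib.sha256).digest()


def respond(key: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of `key` for a fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Robot:
    """Hypothetical robot that authenticates a peer by challenge-response."""

    def __init__(self, serial: str, key: bytes):
        self.serial, self.key = serial, key

    def accepts_holder_of(self, candidate_key: bytes) -> bool:
        challenge = os.urandom(16)  # fresh nonce, so responses cannot be replayed
        expected = respond(self.key, challenge)
        return hmac.compare_digest(expected, respond(candidate_key, challenge))


def build_fleet(size: int, per_device: bool) -> list:
    serials = [f"SN-{i:04d}" for i in range(size)]  # constructed serial numbers
    return [Robot(s, derive_device_key(MASTER_SECRET, s) if per_device else FLEET_KEY)
            for s in serials]


def exposure(fleet: list, extracted_from: Robot) -> int:
    """Number of *other* robots that trust a key recovered from one unit."""
    return sum(r.accepts_holder_of(extracted_from.key)
               for r in fleet if r is not extracted_from)


if __name__ == "__main__":
    for label, per_device in (("shared hardcoded key", False), ("per-device keys", True)):
        fleet = build_fleet(100, per_device)
        print(f"{label}: {exposure(fleet, fleet[0])} of 99 peers exposed")
```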

When Digital Attacks Become Physical Violence

Compromised robots don’t just malfunction—they become weaponized surveillance platforms capable of causing real injuries.

This isn’t abstract cyber-risk. At Shanghai’s GEEKCon hacking competition, DARKNAVY researchers demonstrated forcing a Unitree robot to swing at a journalist. The same research team documented various injuries caused by out-of-control robots, including reported foot injuries at deployment sites related to workplace safety. Voice command injection allows attackers to seize robot control through spoken instructions alone.

Compromised robots don’t just misbehave—they become surveillance platforms, continuously exfiltrating video, audio, and depth sensor data to remote servers every 300 seconds. Your workplace robot isn’t just malfunctioning; it’s actively spying while spreading infection to every compatible unit nearby.

The Manufacturer Ghost Story

Despite public disclosure and demonstrated exploits, critical vulnerabilities remain unpatched months later.

Security researchers claim they contacted Unitree multiple times about these vulnerabilities but received “no meaningful engagement or interest” in addressing the security flaws. The exploit was publicly disclosed in September 2025, demonstrated at industry conferences, and remains unpatched as robot deployment accelerates across factories, hospitals, and warehouses.

This follows the familiar “ship first, patch later” playbook that transforms early adopters into unwitting beta testers for fundamentally broken security architecture. The wormable nature changes everything—one compromised robot in a 100-unit warehouse fleet could infect the entire operation within hours through passive proximity scanning.

Your security incident response plan probably doesn’t account for robots autonomously hacking each other while you sleep, similar to how most organizations struggle with basic computer problems.
