Commercial robots face significant and easily exploitable vulnerabilities that could allow hackers to gain control within minutes or hours, according to cybersecurity specialists.
The security landscape of the robotics industry is critically fragile, with numerous gaps, explained Xiao Xuangan, who is affiliated with an independent cybersecurity research and consulting company operating in both Singapore and Shanghai. Xiao shared that during tests of low-level security flaws in quadruped robots, his team managed to take control of a Lite-series product from a well-known robotics firm in just one hour.
Another expert, Qu Shipei, demonstrated how he could seize control of a humanoid robot from a different company. Within about a minute, the robot’s indicator light changed from blue to red, it ceased responding to its remote, and under Qu’s command, it hurried toward a reporter, swinging its fist.
According to Xiao, the hacking process involves two steps: initially gaining remote access, then bypassing the robot’s official controller to directly activate its motors and execution components. Once compromised, hackers could cause robots to perform aggressive or dangerous actions.
This vulnerability lies at the heart of security concerns for robots. When network weaknesses are coupled with the robots’ physical capabilities, the potential damage extends to data systems and beyond.
Some companies, such as the industry’s leading firm, have established dedicated security teams (Unitree Robotics, for instance, did so in the latter half of this year), while others, including Deep Robotics and EngineAI Robotics Technology, have yet to implement similar measures.
The current security flaws in certain humanoid robots reflect the industry’s developmental phase, noted Lin Yipei, a robotics engineer. He explained that roughly 80% of Unitree’s quadrupeds last year were used for research, education, and consumer purposes. For ease of debugging and quick updates, these machines often ship with developer-focused features like remote login and low-level controls. Such features are usually disabled in finalized, mass-produced products such as automobiles to prevent misuse.
If these features are improperly accessed once robots are deployed publicly, they could allow unauthorized users to control the devices, significantly escalating safety risks.
Researcher Xu Zikai cited an incident in which an employee sustained a foot injury from an uncontrollable robot. He also referenced another case at the World Robot Conference in Beijing where a quadruped robot unexpectedly collided with children.
Xu emphasized that robots are far from being wholly “safe,” highlighting the need for comprehensive security measures encompassing device design, software, hardware, and development practices. A multi-layered defense is essential because attackers tend to exploit the weakest links. This idea is often called the “barrel principle”: a system’s overall security depends on its most vulnerable part.



