Two cybersecurity researchers have now revealed that the China-based manufacturer Unitree Robotics pre-installed an undocumented remote access backdoor into every Go1 robot. Their investigation uncovered how anyone, could potentially tap into these robots — viewing camera feeds, locating devices in real time, and even seizing full control without permission.

This isn’t just a slight security oversight. It’s a major security risk in a widely sold consumer robot. The report doesn’t claim whether this was intentional or just bad design.

The vulnerability has now been formally documented under CVE-2025-2894, labeled a critical security flaw in the Common Vulnerabilities and Exposures listing. At its heart lies a tunnel client embedded in the Go1’s operating system, quietly connecting to a third-party platform named CloudSail, developed by a Chinese firm called Zhexi Technology.

Unitree Go1

The sleek, four-legged Unitree Go1 robot dog was marketed as a futuristic companion for researchers, educators, and tech enthusiasts. But beneath its metallic skin, it has more than clever actuators. It has a backdoor that outsiders can tap into.

According to researchers Andreas Makris and Kevin Finisterre, who conducted an exhaustive teardown of the robot, this backdoor would auto-start on boot if internet connectivity was available.

Once connected to the internet, the Go1 robot would automatically establish a link with CloudSail. This tunnel client granted remote operators the ability to:

• List connected devices and their IP addresses;
• Initiate connections back into users’ private networks;
• Access the robot’s live camera feed with no login;
• Control the robot’s movement using default credentials;
• Move laterally across internal systems.

In total, the team identified 1,919 unique Go1 robots that had accessed the CloudSail network. While many came from China, others traced to networks in North America and Europe, including high-profile institutions such as MIT, Princeton, Carnegie Mellon, and the University of Waterloo. Some units even used Starlink, suggesting deployments in mobile or remote settings.

Unitree is a hype company

If you read the news and browse social media, the odds are you’ve seen at least one Unitree robot. We’ve covered them as well. They have an impressive array of humanoid robots that can do Kung Fu and backflips as well as a couple dog-type robots. Furthermore, Unitree was one of the leading companies who signed a pledge against weaponizing robots, along with Boston Dynamics.

The Unitree Go1, sold in Air ($2,500), Pro ($3,500), and Edu ($8,500) versions, shares the same software architecture across models. And it’s widely used — by students, researchers, corporate labs, and even defense contractors experimenting with robotic mobility. Its robots often go viral on social media and it seems to have a bright future ahead.

That’s what makes this kind of vulnerability so dangerous.

Unitree responded to the claims by asserting that the issue stemmed from hackers who “illegally obtained the management key of the third-party cloud tunnel service” and “used it to modify data and programs within the user’s machine with high-level permission.” The company also said that newer models, like the Go2 and humanoid robots, are unaffected by this issue.

Still, the company admitted that remote tunnel features like this are “common” in the robotics industry — a statement that is concerning considering how popular robots are becoming. Even if the tunnel was never exploited, its very existence is unacceptable in consumer and research devices. Whether this was an intentional backdoor or — as Makris told Axios — “sloppy architecture, sloppy programming,” remains uncertain. But it raises a big alarm.

As is often the case, the smarter our devices, the more the risk of security breaches increase. So, without strict oversight, transparency, and built-in protections, the smart machines meant to serve us could quietly become tools for intrusion.