Security Flaws Found in Yushu Technology Robots, Raising Control Concerns
A significant security vulnerability has been discovered in several robots manufactured by Yushu Technology, potentially allowing attackers to gain full control of the devices. The issue, reported by IEEE Spectrum on September 25th, centers on a flaw in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface used by the robots. Security personnel initially alerted the company to the vulnerability on September 20th.
The affected models include the Yushu Go2 and B2 quadruped robots, as well as the G1 and H1 humanoid robots. Researchers characterize the vulnerability as “wormable,” meaning it can self-propagate wirelessly. This allows an infected robot to automatically compromise other Yushu robots within BLE range, creating a potentially widespread “robot botnet” without any user interaction – a first-of-its-kind vulnerability disclosed on a commercial humanoid robot platform.
The vulnerability stems from a weak authentication process. While the robots verify BLE packet content, they reportedly allow login simply by encrypting the string “unitree” (Yushu’s English name) with a pre-defined, hardcoded key. Because both the string and the key are fixed, the resulting login value is the same for every robot and every session.
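The following Python is an added illustration, not code from the article or from Yushu's actual firmware: it models the reported design (a constant string transformed under a key shared by every unit) with HMAC in place of the undisclosed cipher, since the relevant property, determinism, is the same, and contrasts it with a per-device challenge-response in which a captured value cannot be reused. The key bytes and the `ChallengeAuth` class are constructed for the example.

```python
import hmac
import hashlib
import secrets

# Constructed stand-ins; the real key and cipher are not public.
SHARED_HARDCODED_KEY = b"example-key-baked-into-every-unit"
MAGIC = b"unitree"


def static_token(key: bytes = SHARED_HARDCODED_KEY) -> bytes:
    """Weak scheme: a fixed function of a constant string and a fleet-wide key,
    so every robot accepts the identical value in every session."""
    return hmac.new(key, MAGIC, hashlib.sha256).digest()


def weak_login(token: bytes) -> bool:
    """Robot-side check in the weak scheme: compare against the one static value."""
    return hmac.compare_digest(token, static_token())


class ChallengeAuth:
    """Hardened variant: the robot issues a fresh nonce per attempt and the client
    proves possession of a per-device key over that nonce. A response observed in
    one session is useless in the next because the nonce has changed."""

    def __init__(self, device_key: bytes):
        self.device_key = device_key   # provisioned per unit, not fleet-wide
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    @staticmethod
    def respond(key: bytes, nonce: bytes) -> bytes:
        return hmac.new(key, nonce, hashlib.sha256).digest()

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        nonce, self._pending = self._pending, None   # each nonce is single-use
        expected = hmac.new(self.device_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def demo() -> tuple:
    replayed_static_accepted = weak_login(static_token())      # same value works again
    auth = ChallengeAuth(secrets.token_bytes(32))
    first = auth.respond(auth.device_key, auth.challenge())
    fresh_accepted = auth.verify(first)
    auth.challenge()                                           # new session, new nonce
    replay_rejected = not auth.verify(first)
    return replayed_static_accepted, fresh_accepted, replay_rejected
```

The challenge-response only helps if the key is unique per device; a shared key extracted from one unit would still unlock every other.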
Security researcher Andreas Makris explained that while a simple attack could merely restart a robot, more sophisticated attackers could implant malware or steal data. The BLE transmission method makes the robots susceptible to rapid “infection” across a network.
Researchers first contacted Yushu Technology in May to report the vulnerability. After repeated attempts to communicate and a lack of response from Yushu in July, they decided to publicly disclose the flaw. Makris expressed frustration with the communication process and noted a previous discovery of a backdoor vulnerability in the Yushu Go1 model, raising questions about whether the vulnerabilities are intentional or the result of careless development.
As of the report’s publication, Yushu Technology had not responded to requests for comment from IEEE Spectrum.
Victor Mayoral-Vilches, founder of robotic cybersecurity company Alias Robotics, criticized Yushu’s response, stating the company “ignores previous security exposures and multiple attempts to contact.” He also previously identified undisclosed telemetry data from Yushu robots being transmitted to servers in China, potentially including sensitive information such as audio, images, and spatial data.
Mayoral-Vilches highlighted the accessibility and affordability of Yushu robots as a reason for the increased scrutiny from security researchers, emphasizing that users worldwide may be unaware of the potential risks.
A particular concern was raised regarding the Nottingham police in the UK, who are currently testing the vulnerable Go2 model. Researchers attempted to proactively inform the police department of the vulnerability before public disclosure, but their efforts were reportedly ignored, prompting concerns about potential misuse by attackers.
In the short term, researchers recommend that users connect their Yushu robots to isolated Wi-Fi networks and disable Bluetooth connectivity. However, both Mayoral-Vilches and Makris agree that Yushu Technology must prioritize long-term security and actively engage with security researchers and users to address the underlying issues.
Makris cautioned that achieving 100% security is unrealistic, but proactive measures are crucial to mitigate the risks.