Imagine you buy a humanoid robot for your company or your home. Not only does he walk, speak and obey orders, but also learn from his surroundings. Now imagine that, Every five minutes, that robot sends data to servers in China without anyone telling you. It is not science fiction: it is the conclusion of a recent study on the Unitree G1, a humanoid robot model that is sold worldwide.
The analysis, published in Arxiv, argues that the G1 works not only as an assistant, but also as a potential undercover espionage device. Its sensors (cameras, microphones, navigation systems …) generate valuable informationand that information travels periodically to the cloud, beyond the borders of the country where the robot operates.
The team of researchers discovered that the G1 transmits data to regular intervals of 300 seconds. Apparently it is only routine telemetry, but the problem is that it does it without informing the user or offering any control about that transmission. And he sends it to servers housed in China, which opens a waterfall of legal, ethical and geopolitical questions.
In addition, the authors, led by Víctor Mayoral-Vilches, The Spanish company alias Robotics, located serious security failures: a weak connection process via Bluetooth low energy (BLE)pre -installed encryption keys and an owner encryption system (called FMX) that combines obsolete algorithms such as Blowfish in ECB mode. Result: The robot can be manipulated, infected with external commands or even turned into an attack vector against the network in which it is installed.
In simple words: The G1 is not just an assistant, it is a Trojan horse with metal legs. It is obvious that humanoid robots have ceased to be a technological fair prototype. They are used in factories, logistics stores, hospitals, private security and even in research laboratories. That one of these robots sends data without permission or can be hacked has huge consequences.
And finally, we have our privacy committed: A robot with cameras and microphones in an office or a hospital can capture confidential conversations, documents, work habits. To this we must add that if the robot is connected to the Wi -Fi of a company, an attacker could use it to infiltrate critical systems.
But there are more: if the data is concentrated on servers in China, the countries where the G1 circulates are exposed to possible strategic uses of that information. The study remembers that this is not just a technical problem: also You can violate data protection laws such as the General Data Protection Regulations (GDPR)which demands explicit consent and transparency in the use of personal information.
But this is not new. In 2017, the United States prohibited the use of Chinese brand security cameras in federal buildings, fearing that they send sensitive information abroad. But the case of Unitree G1 adds a disturbing nuance: These are humanoid robots, not simple fixed cameras.
A robot can move, approach documents on a table, follow people inside a building or Listen to conversations in different rooms. His mobility makes him a much more versatile and dangerous data collection.
One of the great open questions is whether these periodic transmissions are part of an intentional design, for example, for the manufacturer to supervise the state of the robot, or If it is a poorly raised function that ended up generating vulnerability.
Mayoral-Vilches team He tried to contact Unitree to obtain explanations. At first they received answers, but finally the company stopped answering them. Of course, they issued a statement in which security concerns indicate:
“We have been aware that some users have discovered safety vulnerabilities and network -related problems when using our robots -points out -. We begin to address these concerns immediately and We have already completed most of the corrections. These updates will be implemented soon”
The Episode of the Unitree G1 works as a warning to navigators. Robotics is entering everyday life at high speed, and Each robot is, in essence, a computer with legs, eyes and ears. Cybersecurity can no longer be an accessory: it must be part of the design from the first screw.
The question is not only technical, but politics: Should governments regularly regulate the sale and import of connected robots? ¿They should force the data to store locally and never cross borders?