Robots

what’s lurking inside these creepy robot dogs?



Yep, you read that right. A Chinese robot dog that builds a tunnel into your network for the world to see! Check it out here.

Remote Access Backdoor Discovered in Chinese Robot Dog Unitree Go1

🔴 LIVE @ https://twitch.tv/LowLevelTV
🏫 COURSES 🏫 Learn to code in C at https://lowlevel.academy
🔥 SOCIALS 🔥 Come hang out at https://lowlevel.tv

source

Related Articles

34 Comments

  1. Wow these robots looked cool but I couldn't think of a reason to get one but glad I didn't. It does seem common for IoT stuff to be like "hey this device is extendable and you can do you're own thing with it" just means "we made it really insecure and that makes it easy for you (or anyone) to do whatever you want with it"

  2. Three “Brains,” One Body
    Raspberry Pi 4 (the “master”)

    Handles high‑level logic, network, and coordination.

    Feeds off your external power supply and the smart battery via a power‑management board.

    Nano‑1 & Nano‑2 (the “body controllers”)

    Each Nano‑4GB talks to two depth cameras and crunches vision data for walking and obstacle avoidance.

    Nano‑3 (the “head controller”)

    Drives the head’s two depth cameras and any extra sensors up top.

    All three modules link into an internal Ethernet switch—that’s your backplane for data and commands.

    The Sensor & Actuator Bus
    Sensors:

    IMU and “master controller” feed inertial data into the switch.

    Depth cameras plug directly into their assigned Nano board.

    Motors:

    A shared RS‑485 bus snakes out from the master switch to all 12 brushless motor controllers in the legs.

    Why This Matters for Hacking
    Ethernet switch = one chokepoint for network‑level MITM or firewall rules.

    UART headers likely live on each compute board—your golden ticket for console access.

    RS‑485 bus is where motion commands flow; spoofing packets here could let you “puppet” the legs.

    Flash storage on each Nano (eMMC or SPI‑NOR) holds the firmware you’ll dump, patch, and reflash.

    Attack‑Surface Roadmap
    Pi 4 first: It’s higher‑level, already running Linux—UART → dump /dev/mmcblk0 → patch U‑Boot or systemd.

    Nanos next: Repeat the UART‑dump‑patch dance on each; they host the computer‑vision and gait‑control code.

    Lock down RS‑485: Once your firmware’s clean, either block or inject commands on the motor bus.

  3. I had a Go2. It was fun but also didn't do anything with it and sold it. I never had the balls to 1: connect it to my network, or 2: use their app.. I REALLY try not using any chinese apps and if I do, I do it on a specific device.

  4. <sarcasam>My guess it is working as expected, what is the issue or bug?</sarcasam>
    Remote access to customer facilities is why the device is sold for, and btw the customer gets to keep the device too. yeah

  5. I tend to believe that it wasn't malicious but developers/release managers being lazy. Why? Because they open-sourced the software and provided the Cloudsail key to the researchers.

  6. "specifically targeting research institutes" when the phrasing in your marketing tells on you. oh great two way cloud connection between all the dogs, that's got potential for horrible pack behaviors..

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button