Yep, you read that right. A Chinese robot dog that builds a tunnel into your network for the world to see! Check it out here.
Remote Access Backdoor Discovered in Chinese Robot Dog Unitree Go1
๐ด LIVE @ https://twitch.tv/LowLevelTV
๐ซ COURSES ๐ซ Learn to code in C at https://lowlevel.academy
๐ฅ SOCIALS ๐ฅ Come hang out at https://lowlevel.tv
source
you know what else comes with special features? … idk anyway check out https://lowlevel.academy and learn to code today! ( its on sale btw ๐)
A backdoorable robot dog will sell well in Pakistan, something tells me.
Wow these robots looked cool but I couldn't think of a reason to get one but glad I didn't. It does seem common for IoT stuff to be like "hey this device is extendable and you can do you're own thing with it" just means "we made it really insecure and that makes it easy for you (or anyone) to do whatever you want with it"
Bad that a company is wantedly doing this.
homeless people from all over the world will use these robots as their toys
expensive and yet zero effort put into the actual software, somebody get these guys jobs at boeing.
Three โBrains,โ One Body
Raspberry Piย 4 (the โmasterโ)
Handles highโlevel logic, network, and coordination.
Feeds off your external power supply and the smart battery via a powerโmanagement board.
Nanoโ1 & Nanoโ2 (the โbody controllersโ)
Each Nanoโ4GB talks to two depth cameras and crunches vision data for walking and obstacle avoidance.
Nanoโ3 (the โhead controllerโ)
Drives the headโs two depth cameras and any extra sensors up top.
All three modules link into an internal Ethernet switchโthatโs your backplane for data and commands.
The Sensor & Actuator Bus
Sensors:
IMU and โmaster controllerโ feed inertial data into the switch.
Depth cameras plug directly into their assigned Nano board.
Motors:
A shared RSโ485 bus snakes out from the master switch to all 12 brushless motor controllers in the legs.
Why This Matters for Hacking
Ethernet switch = one chokepoint for networkโlevel MITM or firewall rules.
UART headers likely live on each compute boardโyour golden ticket for console access.
RSโ485 bus is where motion commands flow; spoofing packets here could let you โpuppetโ the legs.
Flash storage on each Nano (eMMC or SPIโNOR) holds the firmware youโll dump, patch, and reflash.
AttackโSurface Roadmap
Piย 4 first: Itโs higherโlevel, already running LinuxโUART โ dump /dev/mmcblk0 โ patch UโBoot or systemd.
Nanos next: Repeat the UARTโdumpโpatch dance on each; they host the computerโvision and gaitโcontrol code.
Lock down RSโ485: Once your firmwareโs clean, either block or inject commands on the motor bus.
It was the lightbulb all along…
americans hyper focussing on chinese 'surveillance' as if the real problem is not knock knocking at your door is absolutely surreal to watch
Damn I wanted to buy one of these after Uni. I hope an open source OS will will be available for them, with 3rd party security patches.
That backdoor is the standard chinese backdoor that we see in some of these routers and embedded devices.
It's not a dog, it's a RAT
I had a Go2. It was fun but also didn't do anything with it and sold it. I never had the balls to 1: connect it to my network, or 2: use their app.. I REALLY try not using any chinese apps and if I do, I do it on a specific device.
<sarcasam>My guess it is working as expected, what is the issue or bug?</sarcasam>
Remote access to customer facilities is why the device is sold for, and btw the customer gets to keep the device too. yeah
This is what happens when you let electronics and mechanical engineer go by themselves without a software dev or cybersecurity expert auditing their code
IoT stuff is trash.
It's more of an exploit to hack and doxx you, than it is useful for ANYTHING else.
Doesn't the S in IOT stand for security?!?
I doubt that its a backdoor or a virus, if they were going to do it they would've hid the source code
I tend to believe that it wasn't malicious but developers/release managers being lazy. Why? Because they open-sourced the software and provided the Cloudsail key to the researchers.
IPL have this
I doubt that will happen (lights go out)
Are you saying the next generation Russian Killer Drone is this thing? Naw. No way. Fake news. Mis information.
Neh.
the Huawei phone memes are real
Let's be honest this is China we are talking about the thieves of the world.
I think itโs pronounced โSexyโ
Cloudcel lol
The surveillance spy phones are not enough, so they are making surveillance pets and women. This is an attack on humanity; I repeat, this is an attack on Humanity.
Best reverse shell ever!
so what I'm hearing is a rouge AI could instantly access an army of robot dogs without going through any real security ๐ค that's wonderful
move fast and break things
Also. Isle of Dogs Vibes (https://www.youtube.com/watch?v=dt__kig8PVU)
"specifically targeting research institutes" when the phrasing in your marketing tells on you. oh great two way cloud connection between all the dogs, that's got potential for horrible pack behaviors..
Thanks maate ๐(Ed). I just passed the references (and your beautiful mug) on to "OTAhgo" uni.. Not often you see kiwi entities named.
Anything that does software/firmware updates has an equivalent vulnerability.