Summary: Researchers have discovered a hidden remote access tunnel pre-installed on the Unitree Go1 robot dog that activates upon internet connectivity, allowing external access to the device. This backdoor, associated with CloudSail, raises significant security concerns regarding user consent and potential exploitation. Additionally, default SSH credentials pose further risks, and similar vulnerabilities may exist in other Unitree products.
Affected: Unitree Robotics (Go1 robot dog)
Keypoints :
- The Go1 robot dog contains an undocumented tunnel service allowing remote access via an API key.
- The presence of default SSH credentials could enable attackers to access the underlying Raspberry Pi.
- Researchers recommend permanently removing the device from networks and examining logs for potential breaches.
- Concerns regarding the intent behind the implementation of the backdoor remain unresolved.
Source: https://www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog/
Views: 16