China-based manufacturer Unitree Robotics pre-installed an apparent backdoor on its popular Go1 robot dogs that allowed anyone to surveil customers around the world, according to findings from two security researchers.
Why it matters: Clear evidence of a backdoor in widely sold consumer technology is rare, and it affirms longstanding concerns from U.S. officials that Chinese-made devices could quietly enable foreign surveillance.
Driving the news: A new Common Vulnerabilities and Exposures listing confirms the issue as a critical vulnerability, formally cataloged under CVE-2025-2894.
The CVE listing recommends that owners "disable the local endpoint" that has been enabling this backdoor.
Zoom in: Anyone who came across the public-facing web API could see where Go1 robot dogs were — and if the robot was online, they could view live camera feeds without needing to log in.
If the robot's default Raspberry Pi credentials hadn't been changed, attackers could also use those to fully control the dog.
Andreas Makris and Kevin Finisterre — who are also known for exposing vulnerabilities in DJI drones — discovered the issue while tinkering with their own Go1s. They tested the flaw on each other's devices to confirm it worked.
They also found that robot dogs from major U.S. research universities, including MIT, Princeton and Carnegie Mellon, could have been vulnerable at some point.
https://www.axios.com/2025/04/01/threat-spo...f-cybersecurity
Unitree Go1 robot dog security backdoor
Apr 8 2025, 09:01 AM, updated 9 months ago