Hidden Backdoor in Unitree Go Robot Dog Exposes Critical Security Flaws

Researchers have discovered a hidden backdoor in the Unitree Go1 robot dog, allowing unauthorized remote access without user consent. The vulnerability stems from default SSH credentials, significantly increasing security risks for users.

You Should Know:

1. How the Backdoor Works

The Unitree Go1 robot dog comes with pre-configured SSH credentials, enabling attackers to gain remote control over the device. This backdoor could allow malicious actors to:
– Manipulate the robot’s movements.
– Access onboard cameras and microphones.
– Deploy additional malware.

2. Verify and Secure SSH Access

If you own a Unitree Go1 or any IoT device, follow these steps to check for default SSH credentials:

# Check whether an SSH daemon is listening
netstat -tuln | grep ':22 '

# Attempt login (replace <DEVICE_IP> with your device's IP)
ssh root@<DEVICE_IP>
# Default credentials may include admin:admin, root:root, or similar

3. Mitigation Steps

To secure your device:

  • Change Default Credentials:
    passwd root 
    
  • Disable SSH if Unnecessary:
    sudo systemctl disable ssh 
    sudo systemctl stop ssh 
    
  • Enable Firewall Rules:
    sudo ufw allow from <TRUSTED_IP> to any port 22 
    sudo ufw enable 
    
  • Monitor Logs for Unauthorized Access:
    sudo tail -f /var/log/auth.log 
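
Watching the log by hand can be replaced with a repeatable check. The script below is an added example, not part of the original article or any Unitree tooling; it assumes standard OpenSSH syslog lines in auth.log, and the function names, host name and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes standard OpenSSH syslog
# lines ("... sshd[PID]: Failed|Accepted password for USER from IP port N ssh2").
# The address is read at a fixed offset from the end of the line, so an
# unusual username (even one containing "from") cannot shift it.

# failed_by_ip FILE -> "COUNT IP" per source of failed password logins
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" { c[$(NF-3)]++ }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# untrusted_password_logins FILE TRUSTED_IP -> "USER IP" for every successful
# password login whose source is not TRUSTED_IP (the address allowed in ufw)
untrusted_password_logins() {
    awk -v trusted="$2" '
        /sshd\[[0-9]+\]: Accepted password for / && $(NF-4) == "from" && $(NF-3) != trusted {
            for (i = 1; i <= NF; i++) if ($i == "Accepted") { print $(i+3), $(NF-3); break }
        }' "$1"
}

# Constructed sample log: hypothetical host "go1", constructed addresses
sample_log() {
    cat <<'EOF'
Mar 30 10:01:02 go1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 30 10:01:05 go1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 30 10:01:09 go1 sshd[815]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Mar 30 10:01:12 go1 sshd[816]: Failed password for invalid user a from b from 198.51.100.23 port 51515 ssh2
Mar 30 10:02:11 go1 sshd[820]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Mar 30 10:05:40 go1 sshd[842]: Accepted password for root from 192.168.1.50 port 52210 ssh2
Mar 30 10:06:00 go1 sshd[850]: Accepted publickey for root from 192.168.1.50 port 52211 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

LOG=$(mktemp)
sample_log > "$LOG"
echo "Failed password attempts per source:"
failed_by_ip "$LOG"
echo "Password logins from outside the trusted address:"
untrusted_password_logins "$LOG" 192.168.1.50
rm -f "$LOG"
```

On a real device, pass /var/log/auth.log and the same address used in the ufw rule; any line printed by the second function is a successful password login that the firewall rule should have prevented.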
    

4. Check for Firmware Updates

Always ensure your device runs the latest firmware. If Unitree releases a patch, apply it immediately.

What Undercode Say

This incident highlights the dangers of default credentials in IoT devices. Similar vulnerabilities have been exploited in routers, cameras, and smart home devices. Always:
– Audit network-connected devices.
– Use strong, unique passwords.
– Disable remote services when not needed.
– Monitor logs for suspicious activity.

Relevant Linux Commands for Security Audits:

# Scan for open ports
nmap -sV <TARGET_IP>

# Check running processes
ps aux | grep ssh

# List authorized SSH keys
cat ~/.ssh/authorized_keys

# Check failed login attempts
sudo grep "Failed password" /var/log/auth.log

Expected Output:

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
root@192.168.1.100's password:
Connection closed by 192.168.1.100 port 22

Reference: Unitree Go1 Backdoor Report

References:

Reported By: Hendryadrian China – Hackers Feeds