Unitree robots found to have a vulnerability that lets robots infect one another; company responds swiftly
量子位· 2025-09-30 04:36
Core Viewpoint
- The article highlights a significant wireless security vulnerability in multiple models of robots from Unitree, which allows attackers to gain root access and potentially create a zombie network of infected robots [1][4].

Vulnerability Details
- Various models of Unitree robots have a serious vulnerability in their BLE (Bluetooth Low Energy) Wi-Fi configuration interface, enabling attackers to achieve maximum control [2].
- Attackers can bypass authentication using a hardcoded key in the firmware, allowing them to execute commands with root privileges [10][11].
- The vulnerability is characterized as "wormable," meaning that once one robot is compromised, it can automatically infect other nearby Unitree devices [15][16].

Researcher Communication
- The researchers who discovered the vulnerability, Andreas Makris and Kevin Finisterre, communicated with Unitree multiple times since May 2023, but progress on fixing the issue was minimal [20][21].
- The researchers publicly released a toolchain called UniPwn on GitHub, which exploits the vulnerability, revealing that multiple security flaws still exist in Unitree's firmware as of September 20, 2025 [22][23].

Company Response
- In response to the growing concerns, Unitree acknowledged the security issues and stated that they have formed a product security team to enhance product safety [6][25].
- The company claimed to have completed most of the necessary fixes and will push updates to users soon [25].
- Unitree expressed gratitude for external oversight and aims to collaborate with others to improve safety in the robotics field [27][31].