This Humanoid Robot Is Cheaper Than Rivals—And Full of Security Flaws, Researchers Say

In the escalating humanoid robotics race, the spotlight usually falls on Tesla’s Optimus or Boston Dynamics’ Atlas—towering, headline-grabbing machines meant to wow investors as much as engineers.

But the Unitree G1, a squat four-foot-tall robot from Unitree Robotics, a Chinese manufacturer better known for its quadruped “robot dogs,” is quietly becoming the workhorse of a different revolution: affordable humanoids.

At roughly $16,000, it is cheap enough for universities, robotics clubs, and startups to buy off the shelf and put through its paces. The G1 is showing up in labs from Beijing to Boston, learning to climb stairs, pick up boxes, and wave at onlookers.

That new accessibility, however, comes with a risk—and a new report warns that the danger isn’t theoretical. In a technical study published last week, researchers from Alias Robotics tore into the G1’s inner workings, from its Linux-based software stack to its custom encryption scheme and cloud connections.

What they found was an ambitious security design undermined by brittle execution: encryption keys that never change, random number generators that aren’t truly random, and telemetry pipelines that quietly stream video, audio, and motion data back to outside servers without user transparency. Analysis of its data distribution service (DDS) revealed more than 40 active data streams prepped for transmission.

“Our investigation found no evidence of privacy policies, data collection disclosures, user consent mechanisms, or opt-out options that would allow local-only operation,” the report said. “The robot provides no visual or auditory indicators when recording or transmitting data, leaving users completely unaware of the surveillance occurring in their presence.”

The report’s author, Alias Robotics co-founder and Chief Science Officer Víctor Mayoral-Vilches, framed the problem in architectural terms.

“To understand the cybersecurity challenges in robotics, we must first understand their fundamental architecture,” he wrote. “Robots are networks of networks, with sensors capturing data, passing to compute technologies, and then on to actuators and back again in a deterministic manner.”

That architecture, according to the researchers, is poorly defended in the G1. The robot’s data protection scheme relied on a proprietary encryption protocol called FMX, which used static, hardcoded keys rather than randomized ones. That design allowed configuration files and firmware to be decrypted offline without brute force or remote access. Researchers extracted and reverse-engineered cloud connection details and control routines, further exposing how attackers could pivot through the system.

They didn’t stop at theory. Using a custom-built AI agent onboard the robot, the team simulated a scenario in which the G1 scanned its environment, mapped local networks, and prepared actions against the manufacturer’s own infrastructure. The “Cybersecurity AI,” as they called it, operated autonomously and required no outside guidance once deployed—turning a consumer-grade humanoid into an offensive cyber weapon.

The implications extend beyond the lab. The G1’s persistent telemetry transmission could run afoul of data protection laws like the European Union’s General Data Protection Regulation (GDPR), depending on how and where it’s deployed. Unitree did not immediately respond to requests for comment.

The study also highlighted another red flag: the robot is built on aging middleware—ROS 2 Foxy and an outdated version of CycloneDDS—whose support windows have already closed. That means unpatched vulnerabilities may linger, compounding risks alongside a weak secure-boot implementation and exposed hardware ports.

The concerns aren’t new for Unitree. Earlier this year, researchers discovered an undocumented remote-access backdoor in its Go1 robot dog that granted third parties access to camera feeds and controls.

Decrypt reached out to Unitree and the Alias Robotics team for comment, but did not immediately receive a response from either party.

All this comes as humanoid development accelerates globally. Companies like Figure, Tesla, Wandercraft, and Nvidia are racing to commercialize humanoids, with Goldman Sachs projecting the sector could reach $38 billion by 2035. The study warned that as these machines proliferate, their flaws scale with them. A single vulnerable robot may be an oddity; thousands, each with cameras, microphones, and actuators, become a systemic risk.

Mayoral-Vilches put the conclusion bluntly: “The convergence of physical presence, connectivity, and autonomy creates a threat surface only AI can defend, making Cybersecurity AIs essential infrastructure rather than optional add-ons.”

For now, the G1 is still a laboratory curiosity with a friendly face and a wobbly gait. But as the price of humanoids keeps falling and adoption widens, the questions raised by this report will only get louder. If robots are going to walk among us, then we had better make sure we can trust them.