On May 8, Unitree Tech announced the findings of its investigation into claims by a blogger that its Go1 robot dog was susceptible to a backdoor vulnerability. The company acknowledged that the issue constituted a security flaw, enabling hackers to illegally access the management key of a third-party cloud tunnel service. This allowed them to modify data and programs with elevated permissions on user devices, gain operational control, and access video streams, thereby breaching customer privacy and security. Unitree Tech clarified that the management key and the implicated services were provided by a third-party cloud service provider.
To rectify the situation, Unitree Tech took decisive action. On March 24, 2025, the company changed the management key, and on March 29, it completely disabled the tunnel service, ensuring that the Go1 series of products are no longer vulnerable to this exploit.
