BAD DOGGIE: Remote Access Backdoor Discovered in Chinese Robot Dog Unitree Go1.

The backdoor was discovered by cybersecurity specialists Andreas Makris (aka Bin4ry) and Kevin Finisterre (aka d0tslash), who published their findings in a detailed technical report late last week. The duo reverse-engineered the firmware and conducted a hands-on analysis of the Unitree Go1 robot dog, revealing that each device ships with a preconfigured tunnel client that initiates a connection to CloudSail, a remote access platform developed by Zhexi Technology, based in China.

The researchers demonstrated that after gaining access to the CloudSail API, which they did using a recovered API key, they could:

• List all connected devices and their IP addresses

• Establish remote tunnels to those devices

• Access the robot dog’s web interface with no authentication

• Use the robot’s cameras for live surveillance

• Log in via SSH using default credentials (pi/123)

• Move laterally within internal networks to which the robot is connected

Makris and Finisterre identified a total of 1,919 unique Unitree Go1 units that had connected to the CloudSail network. While most connections originated from Chinese IP addresses, a significant number were traced to academic and corporate networks abroad. Notable institutions included MIT, Princeton, Carnegie Mellon, and the University of Waterloo, among others. The researchers even observed some units connecting via Starlink, suggesting use in mobile or remote environments.