Xuangan Xiao
Xuangan Xiao is a security researcher at DARKNAVY, with interests in mobile security and system security. Previously, he was a member of the CTF team 0ops and won DEFCON CTF in 2021 and 2022 with the united team A0E and Katzebin. He has discovered multiple vulnerabilities in mobile devices, IoT systems, and vehicles, and has published several papers at academic conferences such as IEEE S&P.
Session
We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across several communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieving root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings can offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.