← Smart Home
F

Unitree Go2 Robot Dog

Fail
Unitree Robotics · 🇨🇳 China · WiFi + Bluetooth
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: Unitree Go2
Manufacturer: Unitree Robotics

⚠️ The bottom line

Every Unitree robot dog has a backdoor. A tunnel built into the firmware connects to servers in China, giving Unitree — or anyone who hacks Unitree — remote access to the robot's cameras, microphone, and legs. The company can watch through your robot's eyes and drive it around your house. You bought a pet. It reports to Beijing. All Unitree robot dogs share one tunnel service. Hack one, access all. The tunnel transmits API keys in plaintext. A vulnerability in the Chinese tunnel provider exposes every robot dog on Earth simultaneously. Your home robot is one server breach away from being remotely controlled by a stranger. And the tunnel cannot be turned off.

Legal jurisdiction
🇨🇳 China (headquarters)
National Intelligence Law read more →
Company must secretly hand data to Chinese intelligence on request
Data Security Law read more →
State can classify any data as 'important' and demand access for national security
Spying
3/4 HIGH
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
3/4 HIGH
Is it actually secure?
Honesty
2/4 MODERATE
Can I trust what they say?
CONFIGURE High-risk areas that can be partially mitigated with settings changes.
2Contradictions
2Critical
0High
0Medium
2Sources
Findings by concern
Spying 3/4 HIGH 1 finding
⚠️ criticalmarketing vs third party research
Every Unitree robot dog has a backdoor. A tunnel built into the firmware connects to servers in China, giving Unitree — or anyone who hacks Unitree — remote access to the robot's cameras, microphone, and legs. The company can watch through your robot's eyes and drive it around your house. You bought a pet. It reports to Beijing.

What they claim: Unitree Go2 promoted as a consumer robot companion with fun capabilities

What we found: In 2024, security researchers discovered that every Unitree Go2 robot dog contains a pre-installed remote access tunnel (CloudSail/Zhexi) that connects back to Unitree's servers in China. Through this tunnel, Unitree — or anyone who compromises their infrastructure — can remotely access the robot's cameras, microphone, and movement controls. The tunnel is active by default and cannot be disabled through normal settings.

Security 3/4 HIGH 1 finding
⚠️ criticalprivacy policy vs third party research
All Unitree robot dogs share one tunnel service. Hack one, access all. The tunnel transmits API keys in plaintext. A vulnerability in the Chinese tunnel provider exposes every robot dog on Earth simultaneously. Your home robot is one server breach away from being remotely controlled by a stranger. And the tunnel cannot be turned off.

What they claim: Unitree describes the Go2 as safe for home use with privacy protections

What we found: The CloudSail tunnel service used by Unitree is operated by Zhexi Technology, a Chinese company. All Unitree robot dogs share the same tunnel infrastructure, meaning a vulnerability in the CloudSail service could expose every Go2 robot globally. Researchers found the tunnel also transmitted API keys and management tokens in plaintext, allowing lateral access to other robots on the network.

Sources