Security advisory · updated 2026
Unitree security & UniPwn hardening.
Is your Unitree robot affected by UniPwn? Here's what the 2025 Bluetooth exploit was, what firmware 1.5.2 actually fixed, and what fleet operators still need to do. Written by engineers who harden these platforms for a living — not a reseller checklist.
Step 1
Am I affected?
UniPwn (2025) was disclosed against Unitree Go2, B2, G1, and H1 over Bluetooth Classic. The H2 and R1 were not in the disclosed set but share firmware lineage — verify their signed build before deploying to any production network.
| Platform | Status | What to do |
|---|---|---|
| Unitree Go2 | Affected (Bluetooth) | Verify ≥ 1.5.2 · isolate network · lock BT |
| Unitree B2 | Affected (Bluetooth) | Verify ≥ 1.5.2 · isolate network · attest fleet |
| Unitree G1 | Affected (Bluetooth) | Verify ≥ 1.5.2 · lock radios · signed staged OTA |
| Unitree H1 / H1-2 | Affected (Bluetooth) | Verify ≥ 1.5.2 · attest fleet · incident playbook |
| Unitree H2 | Verify firmware lineage | Confirm signed build · lock unused radios |
| Unitree R1 | Verify firmware lineage | Confirm signed build · keep on isolated VLAN |
Affected status reflects the disclosed 2025 vector. Always confirm against Unitree's current advisories for your exact SKU + firmware.
Step 2
What firmware 1.5.2 fixed — and what it didn't.
Closed by Unitree
- The disclosed Bluetooth Classic attack path on Go2, B2, G1, H1
- Pre-authentication firmware replacement within radio range
Still your responsibility
- Network isolation (VLAN, firewall, monitoring)
- Bluetooth + unused-radio lockdown
- Signed, staged OTA update policy
- Per-device attestation across a fleet
- Incident-response playbook
Step 3
Verify firmware before you deploy.
This is the same script our security service runs on every robot before we admit it to a customer network. It asserts a pinned firmware version, verifies the signed image, and locks the radios that don't belong on a production VLAN.
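```python
# Firmware verification — pinned version + signature
# Runs on the operator's host before the robot is admitted to the
# production VLAN. Raises on bad signature, stale firmware, or
# missing network policy.
import hashlib
import logging

from unitree_sdk2py.firmware import read_firmware, verify_signature

MIN_VERSION = (1, 5, 2)       # minimum accepted firmware (>= 1.5.2)
EXPECTED_SHA = "a1b2c3d4..."  # pinned at deployment time, not in code


def parse_version(text):
    # "1.5.10" -> (1, 5, 10) so versions compare numerically, not as strings.
    # Assumes fw.version is a dotted numeric string.
    return tuple(int(part) for part in text.split("."))


def log_attestation(robot, fw):
    # Placeholder: logs locally; shipping to the fleet inventory is deployment-specific.
    logging.info("attested firmware %s", fw.version)


def harden(robot):
    fw = read_firmware(robot)
    # Explicit raises rather than assert, which is stripped under `python -O`.
    if parse_version(fw.version) < MIN_VERSION:
        raise RuntimeError(f"Outdated firmware: {fw.version}")
    if hashlib.sha256(fw.image).hexdigest() != EXPECTED_SHA:
        raise RuntimeError("Hash mismatch")
    verify_signature(fw)  # raises on bad signature
    robot.disable_bluetooth()
    robot.disable_undocumented_radios()
    robot.set_network_policy("isolated")
    log_attestation(robot, fw)  # ship to fleet inventory
```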
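The per-device attestation that Step 2 leaves to the operator can be checked fleet-wide once each robot's record is in the inventory. This added example (not the script above, and not Unitree's SDK) audits attestation records against the 1.5.2 floor and per-model pinned hashes; the record field names, serials and hashes are assumptions constructed for illustration.

```python
import hmac
import re

MIN_FIXED = (1, 5, 2)                          # first fixed build named on this page
DISCLOSED = {"Go2", "B2", "G1", "H1", "H1-2"}  # disclosed UniPwn set

def parse_version(text):
    """'1.5.10' -> (1, 5, 10); None if the string is not dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    return tuple(int(part) for part in text.split("."))

def audit_device(rec, pinned_hashes):
    """Findings for one attestation record; an empty list means admit."""
    findings = []
    model, version = rec.get("model"), parse_version(rec.get("firmware"))
    if version is None:
        findings.append("unparseable firmware version")
    # H2/R1 (shared lineage) are gated on pinned hash + signature, not the floor.
    elif model in DISCLOSED and version < MIN_FIXED:
        findings.append("firmware below 1.5.2")
    pinned = pinned_hashes.get(model)
    if pinned is None or not hmac.compare_digest(rec.get("image_sha256", ""), pinned):
        findings.append("image hash missing or mismatched")
    if not rec.get("signature_verified", False):
        findings.append("signature not verified")
    if rec.get("bluetooth_enabled", True):     # a missing field counts as enabled
        findings.append("Bluetooth enabled")
    if rec.get("network_policy") != "isolated":
        findings.append("not on isolated network")
    return findings

def audit_fleet(records, pinned_hashes):
    """serial -> findings, only for devices that fail at least one check."""
    results = ((r.get("serial", "<no serial>"), audit_device(r, pinned_hashes)) for r in records)
    return {serial: found for serial, found in results if found}

# Constructed sample data: serials, hashes and field names are illustrative.
PINNED = {"Go2": "aa" * 32, "H2": "bb" * 32}
OK = {"signature_verified": True, "bluetooth_enabled": False, "network_policy": "isolated"}
FLEET = [
    {"serial": "GO2-001", "model": "Go2", "firmware": "1.5.10", "image_sha256": "aa" * 32, **OK},
    {"serial": "GO2-002", "model": "Go2", "firmware": "1.5.1", "image_sha256": "aa" * 32, **OK},
    {"serial": "H2-001", "model": "H2", "firmware": "1.0.0", "image_sha256": "cc" * 32, **OK,
     "bluetooth_enabled": True},
]

if __name__ == "__main__":
    print(audit_fleet(FLEET, PINNED))
```

Note that `1.5.10` passes the floor here, while a plain string comparison against `1.5.2` would reject it.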
FAQ
UniPwn questions, answered honestly.
- UniPwn is a 2025 disclosure class affecting Unitree Go2, B2, G1, and H1 platforms over Bluetooth Classic. It let an attacker within radio range reach the robot's control surface. Unitree patched the core issue in firmware 1.5.2.
- If you are on firmware 1.5.2 or later and verified the signature, the original UniPwn vector is closed. Residual risk remains from unverified firmware, exposed radios, flat networks, and unsigned OTA updates — which is what fleet hardening addresses.
- It closed the disclosed Bluetooth path. It does not isolate the robot on your network, lock down unused radios, enforce signed staged OTA, or give you per-device attestation — those are operator responsibilities.
- Firmware signature verification and version pinning, Bluetooth and unused-radio lockdown, network isolation (VLAN + firewall + monitoring), signed staged OTA policy, fleet inventory with per-device attestation, and an incident-response playbook.
- No. This is legitimate defensive hardening only — never circumvention, tier unlocks, or backdoors. Those violate partner terms and warranty and create liability.
Harden your fleet before the next disclosure.
Submit your use case. We'll tell you exactly what your platforms need, free — and quote the hardening engagement only if it's a fit.