China-based manufacturer Unitree Robotics pre-installed an apparent backdoor on its popular Go1 robot dogs that allowed anyone to surveil customers around the world, according to findings from two security researchers.
Why it matters: Clear evidence of a backdoor in widely sold consumer technology is rare, and it affirms longstanding concerns from U.S. officials that Chinese-made devices could quietly enable foreign surveillance.
Driving the news: A new Common Vulnerabilities and Exposures listing confirms the issue as a critical vulnerability, formally cataloged under CVE-2025-2894.
- The CVE listing recommends that owners “disable the local endpoint” that has been enabling this backdoor.
Zoom in: Anyone who came across the public-facing web API could see where Go1 robot dogs were — and if a robot was online, they could view its live camera feeds without needing to log in.