WHY THIS MATTERS IN BRIEF
Being able to hack and corrupt objects when they are connected is one thing, but “offline” systems being compromised is another level.
Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.
Just a single whispered word of command could allow foreign spies to take control of an army of robots, Chinese security researchers have warned. The vulnerability in humanoid robots, which could see disruptive behaviour spread from one machine to another and cause widespread chaos, was exposed a few weeks ago at the GEEKCon competition in Shanghai, China.
Since its inception in 2014, GEEKCon has successfully held 17 events, bringing together “white-hat hackers” from China, the US, Russia and elsewhere to compete.
Security researchers Qu Shipei and Xu Zikai from DARKNAVY, a cybersecurity research group, showed how to take control of a robot using just a verbal command and then used that compromised robot to infect others, ultimately manipulating them to carry out malicious instructions.
The test subject was a domestically produced Unitree humanoid robot priced at around 100,000 yuan ($14,200). The participants exploited a flaw within the robot’s built-in large-model agent, a type of AI system, to launch an attack.
Through voice interaction alone they triggered and gained access, seizing full control of an internet-connected robot. This “turned” robot then became a “digital Trojan horse,” using NFC near-field wireless communication to infect another that wasn’t connected to the internet. In less than three minutes, the second, previously unaffected robot was also compromised.
As part of the demonstration, the hacked robot received a malicious command from the white-hat hackers. It then walked straight towards a mannequin at the centre of the stage, raised its mechanical arm and punched the dummy to the ground.
Traditionally, physical isolation – keeping devices offline – was considered sufficient to protect against even the most skilled hackers. However, this chain-reaction attack revealed the systemic risks that future robot clusters may face.
While conventional cyber security threats typically lead to privacy breaches or financial losses, hijacking intelligent robots could transform industrial robotic arms or household robots into instruments of physical harm.
This demonstration highlighted another concern as robots play an increasingly important role in many areas. Currently, intelligent robots are primarily used in entertainment performances, business receptions and scientific research and education, as well as in hotels. But Qu warned that once robots were deployed in roles such as inspection, counter terrorism, or medical and elderly care, unresolved security flaws could prove catastrophic.
For example, a compromised robot may be transformed from a domestic assistant to a “mobile spy” that steals sensitive information or even becomes a physical threat to family members. Meanwhile, a hacked autonomous driving system would no longer just be a crash risk, but could also become a lethal weapon. Maliciously controlled industrial robots could sabotage production lines, causing significant economic losses and casualties.
Qu said robot manufacturers should use scanning tools during the development phase to quickly eliminate surface-level vulnerabilities.
At the same time, they should establish their own security systems or work with external teams to conduct penetration tests and uncover deeper hidden risks, Qu added, saying only through real-world simulations and expert analysis could a product’s true security be verified.
“Security is somewhat like air – you tend to overlook it when you have it, but losing it can be fatal,” he said.
Other participants at this year’s GEEKCon highlighted security flaws in other products by hijacking smart glasses cameras, forcing drones to crash or breaching large-model intelligent AI agents.
