← Back to context

Comment by Havoc

5 days ago

The recent drama around the unitree robot being effectively a beachhead on network has made me much more wary of connecting anything. Think I’ll stick to tasmota and zigbee going forward

2 comments

Havoc

Reply
simonjgreen  5 days ago

Can you tell me more about the Unitree drama?

  • walterbell  5 days ago

    https://news.ycombinator.com/item?id=43604706

      Upon gaining access to the CloudSail API, which they did using a recovered API key, they could:

    List all connected devices and their IP addresses
    Establish remote tunnels to those devices
    Access the robot dog’s web interface with no authentication
    Use the robot’s cameras for live surveillance
    Log in via SSH using default credentials (pi/123)
    Move laterally within internal networks to which the robot is connected