Milestones
How robot cyber-risk escalated
From a single hacked toy to humanoids used as attack platforms — the landmark moments and disclosed incidents that turned robot security from a curiosity into a safety imperative.
Escalation
From lab curiosity to weaponized fleets
Each step raised the stakes.
2017
Consumer robots
IOActive shows remote takeover of NAO/Pepper — robots can be made to move unsafely.
2019
First robot ransomware
Akerbeltz encrypts and ransoms Universal Robots cobots on the factory floor.
2020
Fleets at risk
80+ issues in Universal Robots and 14 in MiR expose robots in hospitals and industry.
2022
The bus breaks
12 DDS CVEs hit ROS 2 and OT; a Unitree Go1 ships with a hidden kill switch.
2025
Humanoids weaponized
A commercial humanoid (Unitree G1) is turned into a surveillance & cyber-ops platform.
Timeline
Landmark robot hacks, 2017–2026
Real, disclosed incidents — each turning a robot's safety envelope into an attack surface. Source linked per entry.
2026-03
Cybersecurity AI autonomously discovers 38 vulnerabilities across three consumer robots. source ↗
2025-09
Cybersecurity of a humanoid robot: encryption flaws and unauthorized telemetry uncovered in a commercial humanoid. source ↗
2025-09
Unitree G1 humanoid repurposed as a surveillance and cyber-operations platform (humanoids as attack vectors). source ↗
2024-08
Ecovacs vacuum and lawn robots: broken encryption, missing certificate verification and unauthorized live-camera access. source ↗
2022-12
iRobot Roomba J7: private household images (including a person on a toilet) captured by test robots leaked online. source ↗
2022-08
Unitree Go1 quadruped: a hidden 433 MHz remote 'kill switch' and backdoor tunnel discovered. source ↗
2022-04
DDS middleware: 12 CVEs across six implementations powering ROS 2 and industrial systems; ~640 exposed devices found online. source ↗
2022-04
ROS 2 / DDS: memory overflows, denial of service and arbitrary code execution demonstrated against secure robot buses. source ↗
2020-06
Mobile Industrial Robots (MiR): 14 vulnerabilities affecting fleets of autonomous mobile robots in hospitals and airports. source ↗
2020-03
Universal Robots cobots: 80+ security issues disclosed, including unauthenticated control of the robot arm. source ↗
2019-12
Akerbeltz: the first industrial-robot ransomware, demonstrated against Universal Robots UR3/UR5/UR10 cobots. source ↗
2018-11
Robot hazards: a safety-and-security risk assessment shows attacks can turn robots into physical hazards. source ↗
2018-06
Aztarna: thousands of ROS and industrial robot endpoints found exposed on the public Internet. source ↗
2017-03
IOActive: robots hacked before Skynet — remote code execution and unsafe movement in SoftBank NAO/Pepper and UBTECH Alpha consumer/service robots. source ↗