Beyond Model Jailbreak: Systematic Dissection of the "Ten Deadly Sins" in Embodied Intelligence
Yuhang Huang, Junchao Li, Boyang Ma, Xuelong Dai, Minghui Xu, Kaidi Xu, Yue Zhang, Jianping Wang, Xiuzhen Cheng
TL;DR
This work conducts the first end-to-end security analysis of an embodied intelligence platform (Unitree Go2), revealing ten cross-layer vulnerabilities that span sensing/control, core components, and external interfaces. By combining empirical testing, reverse engineering, protocol reconstruction, and hardware probing, it shows that security failures propagate across provisioning, networking, and firmware, not just the AI model. The authors argue for a holistic, secure-by-default approach that tightly integrates cryptography, authenticated control paths, hardware roots of trust, and cross-layer validation to ensure real-world safety. The findings advocate for system-level defenses that extend beyond model alignment to protect both physical and digital aspects of embodied agents. This has significant practical impact for the design of robust, trustworthy embodied AI systems in homes, workplaces, and public settings.
Abstract
Embodied AI systems integrate language models with real-world sensing, mobility, and cloud-connected mobile apps. Yet while model jailbreaks have drawn significant attention, the broader system stack of embodied intelligence remains largely unexplored. In this work, we conduct the first holistic security analysis of the Unitree Go2 platform and uncover ten cross-layer vulnerabilities: the "Ten Sins of Embodied AI Security." Using BLE sniffing, traffic interception, APK reverse engineering, cloud API testing, and hardware probing, we identify systemic weaknesses across three architectural layers: wireless provisioning, core modules, and external interfaces. These include hard-coded keys, predictable handshake tokens, WiFi credential leakage, missing TLS validation, static SSH password, multilingual safety bypass behavior, insecure local relay channels, weak binding logic, and unrestricted firmware access. Together, they allow adversaries to hijack devices, inject arbitrary commands, extract sensitive information, or gain full physical control. Our findings show that securing embodied AI requires far more than aligning the model itself. We conclude with system-level lessons learned and recommendations for building embodied platforms that remain robust across their entire software-hardware ecosystem.
