Cybersecurity of Teleoperated Quadruped Robots: A Systematic Survey of Vulnerabilities, Threats, and Open Defense Gaps

TL;DR

A six-layer attack taxonomy spanning perception manipulation, VR/AR operator targeting, communication disruption, control signal attacks, localization spoofing, and network intrusion is contributed.

Abstract

Teleoperated quadruped robots are increasingly deployed in safety-critical missions -- industrial inspection, military reconnaissance, and emergency response -- yet the security of their communication and control infrastructure remains insufficiently characterized. Quadrupeds present distinct security challenges arising from dynamic stability constraints, gait-dependent vulnerability windows, substantial kinetic energy, and elevated operator cognitive load. This survey synthesizes peer-reviewed literature and vulnerability disclosures (2019--2025) to provide comprehensive analysis of cybersecurity threats, consequences, and countermeasures for teleoperated quadruped systems. We contribute: (i) a six-layer attack taxonomy spanning perception manipulation, VR/AR operator targeting, communication disruption, control signal attacks, localization spoofing, and network intrusion; (ii) systematic attack-to-consequence mapping with timing characterization; (iii) Technology Readiness Level classification exposing critical maturity gaps between field-deployed communication protections (TRL 7--9) and experimental perception/operator-layer defenses (TRL 3--5); (iv) comparative security analysis of six commercial platforms; (v) pragmatic deployment guidance stratified by implementation timeline; and (vi) eight prioritized research gaps with implementation roadmaps. Limitations: Platform assessments rely on publicly available information. Attack success rates derive from cited studies under controlled conditions and require domain-specific validation.

Figures (9)

• Figure 1: Conceptual illustration of communication channel attacks in quadruped robot teleoperation. An adversary can target the wireless link between the operator and robot to intercept, manipulate, or disrupt command and feedback transmissions.
• Figure 2: Representative commercial quadruped platforms analyzed in this survey. These platforms exhibit diverse security architectures: Spot employs per-device cryptographic keying, Unitree platforms have exhibited fleet-wide credential vulnerabilities, and ANYmal targets industrial inspection with enterprise security requirements. (a) Boston Dynamics Spot; (b) Unitree B2; (c) ANYbotics ANYmal.
• Figure 3: PRISMA-style flow diagram illustrating the systematic literature selection process. Preliminary database search across IEEE Xplore, ACM Digital Library, Scopus, Web of Science, and arXiv yielded 847 potentially relevant publications. Supplementary sources (n=63) include vendor security documentation, CVE databases, and publications identified through forward/backward citation tracking.
• Figure 4: Quadruped teleoperation architecture with six-layer attack surface mapping. Red dashed boxes indicate attack vectors targeting each trust boundary zone. The three trust boundaries (Operator, Communication, Robot) correspond to the adversary model's attack access points. Each crossing between zones represents an exploitable interface where attacks from Layers 1--6 can intercept, manipulate, or disrupt the bidirectional command-feedback pipeline.
• Figure 5: Evolution of robotic cybersecurity research (2015--2025). Events above the timeline represent vulnerability discoveries and attacks (red); events below represent defensive advances (green). The accelerating density of events from 2023 onward reflects the transition from academic research to active exploitation of deployed quadruped platforms.