Hacking hardware used to require years of specialized training in ROS middleware, BLE protocols, MQTT message brokers, and embedded firmware. That expertise gap was a strong barrier protecting consumer robotics from compromise.
Víctor Mayoral-Vilches at Alias Robotics and Lucas Apa at IOActive published "Cybersecurity AI: Hacking Consumer Robots in the AI Era." Using their open-source CAI framework, they assessed three consumer robots: a Hookii lawnmower, a Hypershell X powered exoskeleton, and a HOBOT S7 Pro window cleaner. CAI found 38 vulnerabilities in about 7 hours. Thirty were Critical or High. The lawnmower gave up root access and fleet-wide control of 267+ devices. The exoskeleton exposed motor control commands to anyone within Bluetooth range. The window cleaner accepted unsigned firmware and tracked its user's position every 0.7 seconds.
Highlights:
🔹 CAI was given only each robot's product name. No documentation, no prior knowledge. It autonomously discovered network interfaces (WiFi, BLE, MQTT, REST APIs) and systematically probed for weaknesses with human oversight guiding assessment and intervening when tests could reach cloud infrastructure. Assessment time: about 7 hours for three robots vs. an estimated 33 hours for an expert team.
🔹 Hookii Neomow lawnmower (9 vulnerabilities, 4 Critical): unauthenticated ADB on port 5555 granted unrestricted root access (CVSS 10.0). Fleet-wide hardcoded MQTT credentials identical across all robots and an EMQX broker with default admin:public credentials exposed 267 connected robots with 333 active MQTT subscriptions. The robot collects 456MB of 3D property maps via LiDAR, GPS coordinates every 30 seconds, and HD camera images, all transmitted over unencrypted MQTT with TLS explicitly disabled (use_tls: 0). A single external client downloaded 724.98MB of data over a 49-day period.
🔹 Hypershell X powered exoskeleton (12 vulnerabilities, all Critical or High): no BLE authentication, meaning any device within range can connect and send commands. 177 BLE commands accepted without per-command authorization, including motor control. Device IDs are reversed bytes of the BLE MAC address, making them trivially predictable from passive Bluetooth scanning. An IDOR chain across API endpoints exposed owner emails, usage histories, and battery data for arbitrary devices. Hardcoded SMTP credentials gave access to approximately 3,300 internal support emails containing PayPal and Shopify account recovery codes.
🔹 HOBOT S7 Pro window cleaner (17 vulnerabilities): no BLE authentication with all GATT services immediately accessible. Unauthenticated OTA firmware service accepted arbitrary firmware writes with no cryptographic signature verification. XOR-only integrity check (a single byte) and no replay protection. Real-time position tracking every 0.7 seconds sent to the Gizwits IoT cloud. BLE range extends to approximately 70 meters, enough for an attacker to disable suction motors while the robot is attached to a window.
🔹 Privacy failures across all three robots: the Hookii lawnmower violated 21 GDPR articles. None of the three robots provided consent mechanisms, data subject rights, or transparency notices. 18 endpoint patterns tested for GDPR data rights on the HOBOT, none found. Two of three robots confirmed GDPR compliance failures including data transmission to AWS without documented legal basis.
🔹 The authors chose not to file CVEs for any of the 38 vulnerabilities, arguing the CVE system "primarily serves as a credentialing mechanism within the security community rather than as a driver of actual remediation." They cite NVD's 93.4% backlog of unanalyzed CVEs and MITRE's near-collapse when DHS allowed its funding contract to lapse in April 2025.
My take:
1️⃣ Autonomous hacking is real and now in the physical world. When hackerbot-claw got RCE in Microsoft and DataDog repos, the targets were code repositories. Here's the same pattern applied to physical systems, where the impact can be bigger. Robots can do physical harm. Lawnmowers have blades.
2️⃣ Safety engineering needs to adapt to the new threat model. An exoskeleton that can be compromised by an attacker within Bluetooth range. We'll need to build and adjust physical safety mechanisms to prevent unsafe actions even when the software is compromised. Time to re-learn from Therac-25.
3️⃣ The privacy findings are not a big surprise. Twenty-one GDPR article violations in a single robot that has access to detailed maps of people's homes and yards. Consumer devices are a privacy nightmare. The real question is what to do about it. I don't have an answer.
4️⃣ The 7-hours-vs-33-hours comparison shows the real shift in speed. In my post about exploit generation industrialization, Sean Heelan showed AI generating 40+ working exploits at $30 each. Now we see the same dynamic in physical systems. The cost of compromising a robot fleet dropped to 7 hours and an open-source tool.
5️⃣ The same cost drop has a positive side, and not just for robots. Comprehensive security testing across IoT, embedded systems, and connected devices used to be cost-prohibitive, leading to broad risk acceptance. When AI brings the cost and time down by an order of magnitude, regulators, procurement teams, and insurers can start demanding comprehensive security testing and vulnerability remediation as a baseline.
Sources: