Difference between revisions of "News"
SecurityAdm (talk | contribs) (→2025) |
SecurityAdm (talk | contribs) (→2025) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
| − | : | + | :'''We have successfully reported five security vulnerabilities affecting two widely used autonomous quadrupedal robotic platforms.''' |
| + | |||
| + | As part of our ongoing research into the security and resilience of autonomous robotic systems, our team has discovered vulnerabilities in two commercial quadrupedal robots: the Vision60, developed by Ghost Robotics , and the Unitree A1, produced by Unitree Robotics. | ||
| + | Through this analysis, we identified and confirmed a total of five security vulnerabilities, three belonging to the Vision 60 (CVE-2025-41108,CVE-2025-41109,CVE-2025-41110) and two to the Unitree A1 (CVE-2023-3103, CVE-2023-3104), which could allow an attacker to interfere with communication systems, deny the robot's ability to operate, and even take control of it. | ||
| + | |||
| + | |||
| + | The official security advisories can be accessed at the following links: | ||
| + | |||
| + | • Vision60 (Ghost Robotics): | ||
| + | https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-vision-60-de-ghost-robotics | ||
| + | |||
| + | • Unitree A1 (Unitree Robotics): | ||
| + | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1 | ||
| + | |||
| + | |||
| + | |||
| + | :'''We participated in two of Spain’s leading cybersecurity and technology conferences, presenting our latest research and discoveries on security vulnerabilities in autonomous robotic platforms.''' | ||
Our team took part in both the C1b3rWall 2025 event — organized by the Spanish National Police at the National Police Academy in Ávila — and the RootedCON 2025 cybersecurity congress in Madrid. | Our team took part in both the C1b3rWall 2025 event — organized by the Spanish National Police at the National Police Academy in Ávila — and the RootedCON 2025 cybersecurity congress in Madrid. | ||
| Line 8: | Line 24: | ||
Our research focused on demonstrating how certain weaknesses in communication protocols and system configuration could be exploited to interfere with the robot’s functionality. | Our research focused on demonstrating how certain weaknesses in communication protocols and system configuration could be exploited to interfere with the robot’s functionality. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| + | <div style="clear:both;"></div> | ||
| + | [[File:Rooted.jpg|frameless|left|450px]] | ||
| + | [[File:Cyberwall.JPG|frameless|right|450px]] | ||
| + | <div style="clear:both;"></div> | ||
Latest revision as of 08:14, 5 November 2025
2025
- We have successfully reported five security vulnerabilities affecting two widely used autonomous quadrupedal robotic platforms.
As part of our ongoing research into the security and resilience of autonomous robotic systems, our team has discovered vulnerabilities in two commercial quadrupedal robots: the Vision60, developed by Ghost Robotics , and the Unitree A1, produced by Unitree Robotics. Through this analysis, we identified and confirmed a total of five security vulnerabilities, three belonging to the Vision 60 (CVE-2025-41108,CVE-2025-41109,CVE-2025-41110) and two to the Unitree A1 (CVE-2023-3103, CVE-2023-3104), which could allow an attacker to interfere with communication systems, deny the robot's ability to operate, and even take control of it.
The official security advisories can be accessed at the following links:
• Vision60 (Ghost Robotics): https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-vision-60-de-ghost-robotics
• Unitree A1 (Unitree Robotics): https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1
- We participated in two of Spain’s leading cybersecurity and technology conferences, presenting our latest research and discoveries on security vulnerabilities in autonomous robotic platforms.
Our team took part in both the C1b3rWall 2025 event — organized by the Spanish National Police at the National Police Academy in Ávila — and the RootedCON 2025 cybersecurity congress in Madrid. During these events, we presented the security vulnerabilities identified in the Vision60 quadruped robot developed by Ghost Robotics, highlighting potential attack vectors that could compromise its autonomous operation and communication systems.
Our research focused on demonstrating how certain weaknesses in communication protocols and system configuration could be exploited to interfere with the robot’s functionality.
We participated in Europe's largest science and industry trade fair presenting our innovative cybersecurity solution
The solution consists of an innovative methodology for the development and implementation of event logging systems in different cyber-physical systems. The objective is to know and be able to explain exactly what has happened in a device ensuring that the data logging system has not been affected by external inferences such as a cyber-attack.
2022
Our colleagues and students forming the NFC^3 team have qualified for the National Cyberleague semifinal
The National Cyberleague [1] is an event organized by the General Directorate of the Civil Guard, through its University Center (CUGC) and the Civil Guard Foundation, with the support of a multitude of collaborating entities, both public and private.
The initiative consists of a competition for multidisciplinary teams, where its members coordinate and complement each other to resolve incidents in different fields of Internet security and new technologies.
From left to right: Christian Vega Gonzalez (ULE), Ignacio Crespo Martinez (ULE), Francisco Diez Gutiérrez (IES San Andrés), Claudia Álvarez Aparicio (ULE), Carmen Calvo Olivera (ULE)
- ¡¡¡ We want to see you in the final !!!
