两名安全研究人员发现,杭州宇树科技有限公司在其流行的 Go1机器狗上预装了一个明显的后门,该后门允许任何人监视全球的客户。新的通用漏洞披露列表确认该问题属于严重漏洞,正式编目 CVE-2025-2894。任何发现该公开 web API 的人都可以看到 Go1机器狗的位置。如果机器狗处于在线状态,他们甚至无需登录即可查看机器狗实时摄像头画面。如果机器狗的默认 Raspberry Pi 凭证没有更改,攻击者也可以使用这些凭证完全控制机器狗。研究员表示,他们无法明确断定宇树科技是否有意创建监控后门,或者这仅仅是“架构混乱,编程不规范”所致。
两名安全研究人员发现,杭州宇树科技有限公司在其流行的 Go1机器狗上预装了一个明显的后门,该后门允许任何人监视全球的客户。新的通用漏洞披露列表确认该问题属于严重漏洞,正式编目 CVE-2025-2894。任何发现该公开 web API 的人都可以看到 Go1机器狗的位置。如果机器狗处于在线状态,他们甚至无需登录即可查看机器狗实时摄像头画面。如果机器狗的默认 Raspberry Pi 凭证没有更改,攻击者也可以使用这些凭证完全控制机器狗。研究员表示,他们无法明确断定宇树科技是否有意创建监控后门,或者这仅仅是“架构混乱,编程不规范”所致。
Add up to 50 administrators While the character limit is 255, try to fit into 200 characters. This way, users will be able to take in your text fast and efficiently. Reveal the essence of your channel and provide contact information. For example, you can add a bot name, link to your pricing plans, etc. With the administration mulling over limiting access to doxxing groups, a prominent Telegram doxxing group apparently went on a "revenge spree." The group also hosted discussions on committing arson, Judge Hui said, including setting roadblocks on fire, hurling petrol bombs at police stations and teaching people to make such weapons. The conversation linked to arson went on for two to three months, Hui said. Members can post their voice notes of themselves screaming. Interestingly, the group doesn’t allow to post anything else which might lead to an instant ban. As of now, there are more than 330 members in the group.
from us
