Why this issue matters beyond robot dogs
Recent concerns around Unitree robot dogs and alleged remote access mechanisms are not only a robotics story. For business leaders in the Barcelona metropolitan area, the practical question is broader: how much trust should an organisation place in connected devices that it does not fully control?
Robot dogs are a visible example, but the same issue applies to cameras, sensors, access control systems, industrial IoT devices, drones, smart displays and connected maintenance equipment. These devices often enter the business through operations, facilities, security or innovation teams, not always through a formal IT governance process.
The risk is not that every connected device is unsafe. The risk is that companies often deploy them without knowing how they communicate, who can update them, what data they collect, and whether the vendor retains privileged remote access.
What a vendor backdoor means in business terms
A backdoor is any hidden or insufficiently controlled access path that allows a device, application or system to be reached outside normal authentication and governance. It may be intentional, for support or maintenance. It may be poorly documented. It may also be the result of weak engineering or insecure default configuration.
For executives, the distinction between a malicious backdoor and a poorly governed remote access feature is important technically, but less important operationally. In both cases, the organisation may have an unmanaged path into its environment.
This creates several business risks: unauthorised access to internal networks, exposure of operational data, dependency on a vendor for updates, difficulty proving compliance, and uncertainty when an incident occurs. If the device can move, record, map spaces or interact with people, the risk also extends into physical operations.
Why SMEs are particularly exposed
Many SMEs adopt connected technology pragmatically. A team identifies a need, compares products, buys the device, connects it to Wi-Fi or a local network, and starts using it. This speed is understandable, especially when the device solves a real operational problem.
The weakness is that procurement, cybersecurity and operational ownership are often separated. A facilities team may own the device, IT may own the network, and management may assume the vendor has handled security. This creates a grey zone where nobody has a complete view of the risk.
In the Barcelona metropolitan area, where many companies operate from mixed environments such as offices, warehouses, retail spaces, industrial units and shared facilities, connected devices can quickly cross the boundary between digital systems and physical operations. That makes governance more important, not less.
What to check before deploying connected robotics or IoT
Before deploying a robot dog, camera, sensor platform or similar device, companies should ask practical questions that can be answered through documentation, configuration review and testing.
Network behaviour: Which external servers does the device contact? Does it require permanent internet access? Can it operate on a restricted network segment?
Remote access: Can the vendor connect to the device? Is remote support disabled by default? Is access logged, time limited and approved by the customer?
Update control: Who can push firmware or software updates? Are updates signed and verifiable? Can the organisation delay or test updates before deployment?
Data handling: What data is collected, stored and transmitted? Does the device capture video, audio, location, maps, telemetry or user credentials?
Identity and credentials: Are default passwords removed? Does the system support role-based access, strong authentication and individual user accounts?
Lifecycle management: How long will the vendor provide security updates? What happens if the vendor stops supporting the product or changes its cloud service?
How to reduce the risk without blocking innovation
The answer is not to reject every connected device. The answer is to place them under clear technology governance before they become embedded in operations.
First, maintain an inventory of connected devices, including model, firmware version, owner, network location, vendor, cloud dependency and business purpose. If a device is not in the inventory, it is not governed.
Second, isolate connected devices from critical systems. Robotics, cameras and IoT devices should not sit on the same network as finance systems, identity infrastructure, production management tools or sensitive file storage unless there is a justified and controlled reason.
Third, define a vendor access policy. Remote support should be disabled unless needed, approved before use, logged, and reviewed after the intervention. Shared credentials should be avoided.
Fourth, include security requirements in procurement. Teams should not buy connected equipment based only on features and price. Security documentation, update policy, data processing terms and network requirements should be part of the decision.
Fifth, test before scaling. A pilot device can be monitored in a controlled environment to understand traffic patterns, update behaviour and administrative controls before wider deployment.
What business leaders should do next
Leaders do not need to become robotics security specialists. They do need to ensure that connected device risk is visible, owned and managed. A practical first step is to identify all devices that connect to company networks or cloud services and classify them by business criticality and data exposure.
Next, assign ownership. Every connected device should have a business owner and a technical owner. The business owner defines why the device is needed. The technical owner ensures that it is deployed safely, monitored and updated.
Companies should also review whether their current cybersecurity policies cover non-traditional IT assets. Many policies mention laptops, servers and applications, but ignore mobile robots, smart locks, video systems, sensors and vendor-managed appliances.
A structured digital audit can help management understand where connected device risk sits inside the wider technology environment, from network segmentation and access control to vendor dependency and operational resilience.
The governance lesson from the Unitree discussion
The lesson is not limited to one manufacturer or one product category. The real issue is that connected devices can introduce hidden dependencies into a company faster than governance processes can detect them.
For SMEs, the priority is to avoid unmanaged trust. If a device can connect, record, move, update itself or receive commands from outside the organisation, it deserves the same level of scrutiny as any other business system.
Innovation and security are not opposites. The companies that benefit most from connected technologies are usually those that deploy them with clear ownership, controlled access, documented configuration and a realistic view of vendor risk.