SoK: Cybersecurity Assessment of Humanoid Ecosystem

TL;DR

This paper provides a comprehensive security assessment framework for humanoid robots, consolidating existing research, introducing a layered security model, and quantitatively evaluating real-world robots to identify security maturity levels and guide improvements.

Contribution

It introduces a seven-layer security model and a quantitative attack-defense matrix for systematic security evaluation of humanoid ecosystems, filling a gap in holistic security analysis.

Findings

Security scores ranged from 39.9% to 79.5% across evaluated robots.

The security assessment method supports cross-platform benchmarking.

The framework helps prioritize security investments in humanoid robots.

Abstract

Humanoids are progressing toward practical deployment across healthcare, industrial, defense, and service sectors. While typically considered cyber-physical systems (CPSs), their dependence on traditional networked software stacks (e.g., Linux operating systems), robot operating system (ROS) middleware, and over-the-air update channels, creates a distinct security profile that exposes them to vulnerabilities conventional CPS models do not fully address. Prior studies have mainly examined specific threats, such as LiDAR spoofing or adversarial machine learning (AML). This narrow focus overlooks how an attack targeting one component can cascade harm throughout the robot's interconnected systems. We address this gap through a systematization of knowledge (SoK) that takes a comprehensive approach, consolidating fragmented research from robotics, CPS, and network security domains. We introduce a seven-layer security model for humanoid robots, organizing 39 known attacks and 35 defenses across the humanoid ecosystem-from hardware to human-robot interaction. Building on this security model, we develop a quantitative 39x35 attack-defense matrix with risk-weighted scoring, validated through Monte Carlo analysis. We demonstrate our method by evaluating three real-world robots: Pepper, G1 EDU, and Digit. The scoring analysis revealed varying security maturity levels, with scores ranging from 39.9% to 79.5% across the platforms. This work introduces a structured, evidence-based assessment method that enables systematic security evaluation, supports cross-platform benchmarking, and guides prioritization of security investments in humanoid robotics.