If you have purchased the Rabbit R1, a handheld AI device that answers your questions using AI, then there is bad news. A community of Rabbit R1 developers called Rabbitude has found some serious issues with the company's code that leave your sensitive information vulnerable to third parties.
According to an updated post on the Rabbitude website, the team said that they gained access to the Rabbit R1's codebase on May 16 and were able to find "several critical hardcoded API keys." Using these keys, anybody can read every single response the Rabbit R1 AI device has ever given, including personal information.
The Rabbit R1 is another AI product, similar to the Humane AI Pin, which is already up for sale. The Rabbit R1 was launched as a phone replacement device, but the poor execution, half-baked product, and all the negative reviews have already put the device on the "don't purchase" list.
The Rabbitude website mentions that the AI queries and responses that go through Rabbit's "rabbithole" cloud-based processing system aren't as secure as you might think. The API keys that Rabbitude found contained sensitive user information from ElevenLabs (text-to-speech service), Azure's text-to-speech system, Yelp (for reviews), and Google Maps on the R1 device.
It is easy to understand how much sensitive information the responses from using these apps on the R1 device could contain, and since the Rabbit R1 isn't secure, anyone can get access to the sensitive data and use it to brick the R1 device, alter R1's responses or change R1's voice.
Rabbitude also claimed that Rabbit knew about this security flaw in its R1 device, but did not take any steps to rectify the issue. In a statement to Engadget, Rabbit said:
"As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details."
The company has also updated its website with a page dedicated to the ongoing investigation of this security flaw. The exposed security flaw is another dent in Rabbit R1's short legacy and also shows that not everything that looks fancy is great.