The team behind Rabbitude, the community-formed reverse engineering project for Rabbit R1, has revealed a security problem with the company's code that leaves sensitive user information accessible to everyone. In an update posted on Rabbitude's website, the team said it gained access to Rabbit's codebase on May 16 and found “several critical hardcoded API keys.” Those keys allow anyone to read every response the R1 AI device has given, including those that contain users' personal information. They could also be used to lock R1 devices, alter R1's responses, and replace the device's voice.
The API keys they found authenticate users' access to the ElevenLabs text-to-speech service, the Azure speech-to-text system, Yelp (for review searches), and Google Maps (for location searches) on the R1 AI device. In a tweet (x.com/xyz3va/status/1805684840269828605), one of the members of Rabbitude said that the company had been aware of the problem for the last month and “did nothing to fix it.” After posting, they said (x.com/xyz3va/status/1805689140639408277) that Rabbit revoked the ElevenLabs API key, although the update broke the R1 devices a bit.
In a statement to Engadget, Rabbit said it only learned of an “alleged data breach” on June 25. “Our security team began investigating it immediately,” the company continued. “At this time, we are not aware of any customer data being leaked or our systems being compromised. If we learn of any other relevant information, we will provide an update once we have more details.” The company did not say whether it revoked the keys that the Rabbitude team said they found in the company's code.
Rabbit's R1 is a standalone AI assistant device designed by Teenage Engineering. It is intended to help users perform certain tasks, such as ordering food delivery, as well as quickly searching for information such as the weather. We gave it a fairly low score in our review because we found that its AI functionality often didn't work. Additionally, users can simply use their phone instead of having to spend an additional $199 to purchase the device.