Thought the Rabbit R1 saga couldn't get worse? Well, it just did (Update)
- Researchers have discovered a major vulnerability in the Rabbit codebase.
- This flaw allows malicious actors to read every response any Rabbit R1 gadget has ever issued.
- Rabbit says it’s taken various steps to address the issue.
Update: June 28, 2024 (7:04 AM ET): Rabbit has directed us to a page on its website that’s devoted to these exposed API keys. The company used the page to confirm that it initially rotated these API keys on June 26.
Rabbit then detailed additional steps it took. These steps include making an inventory of all “secrets” currently being used and revoking and rotating said secrets.
“As part of the inventory process, we identified additional secrets that were not properly stored in AWS Secrets Manager. As part of the rotation process, the team updated relevant portions of the codebase to ensure that all secrets were properly stored,” the company explained.
Original article: June 28, 2024 (3:05 AM ET): The Rabbit R1 AI gadget has been underwhelming, overhyped, and unreliable. Unfortunately, it looks like the product has a major vulnerability that Rabbit hasn’t fixed yet.
A team of security researchers collectively known as Rabbitude reported that it gained access to Rabbit’s codebase on May 16 and discovered several hardcoded API keys. These keys are for two text-to-speech systems (ElevenLabs and Azure), Google Maps, and Yelp.
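The core defect described here and in the update above is credentials embedded as string literals rather than fetched at runtime from a secrets store. The following is an added illustration, not Rabbit's or Rabbitude's code: a small scanner that flags likely hardcoded keys in source text, using a heuristic name pattern and a Shannon-entropy threshold so that placeholders are not reported. The sample source, variable names and key values are all constructed for the example.

```python
import math
import re
from collections import Counter

# Heuristic: an identifier ending in key/secret/token/password assigned a long quoted literal.
# Assumption: this name list is illustrative, not exhaustive.
SECRET_ASSIGN_RE = re.compile(
    r"(?i)(\w*(?:key|secret|token|password))[\"']?\s*[:=]\s*[\"']([^\"']{16,})[\"']"
)

def shannon_entropy(s: str) -> float:
    """Bits per character. Random key material scores high; repeated placeholder text scores low."""
    n = len(s)
    counts = Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_hardcoded_secrets(source: str, min_entropy: float = 3.5):
    """Return (line_no, variable_name, entropy) for each literal that looks like real key material."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        match = SECRET_ASSIGN_RE.search(line)
        if not match:
            continue  # no quoted literal assigned to a secret-looking name on this line
        name, value = match.group(1), match.group(2)
        entropy = shannon_entropy(value)
        # Values such as REPLACE_ME_REPLACE_ME repeat a few characters and fall below the threshold.
        if entropy >= min_entropy:
            findings.append((line_no, name, round(entropy, 2)))
    return findings

# Constructed sample source. Lines 2 and 4 embed key material; line 3 reads the secret at runtime
# from AWS Secrets Manager (the remediation the update describes); line 5 is a harmless placeholder.
SAMPLE_SOURCE = """\
# Constructed sample file, not Rabbit's code.
ELEVENLABS_API_KEY = "f3a9c1d27b4e8065a1c2d3e4f5061728"
AZURE_SPEECH_KEY = secrets_client.get_secret_value(SecretId="azure-speech")["SecretString"]
GOOGLE_MAPS_API_KEY = "Gm4pKcO9xQ2vL7bW3zT8rY1nH5jD6sF0"
YELP_TOKEN = "REPLACE_ME_REPLACE_ME_REPLACE_ME"
"""

if __name__ == "__main__":
    for line_no, name, entropy in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {line_no}: {name} looks hardcoded (entropy {entropy} bits/char)")
```

Running it reports the ElevenLabs and Google Maps assignments and stays silent on the Secrets Manager lookup and the placeholder.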
Access to these keys (particularly the ElevenLabs key) apparently allows anyone to engage in a variety of extremely concerning activities. For starters, the Rabbitude team says it allows nefarious actors to read every response any Rabbit R1 gadget has ever given. This includes responses containing personal or sensitive information.
Reading responses is just the beginning
That’s ridiculously bad if confirmed. It doesn’t stop here, though, as the vulnerability apparently allows anyone to brick Rabbit R1s, change the gadgets’ responses, and change the device’s voice.
“We have internal confirmation that the Rabbit team is aware of this leaking of API keys and have chosen to ignore it. The API keys continue to be valid as of writing,” the team explained.
“We will not be publishing any more details out of respect for the users, not the company,” it added.
We’ve asked Rabbit about this apparent flaw and whether it is indeed ignoring the issue. We’ll update the article if/when the company gets back to us. News of this flaw also comes after researchers claimed the Rabbit R1 wasn’t really powered by a so-called large action model as originally claimed. These researchers also got games running on the R1 servers.