The team behind Rabbitude, the community-formed reverse engineering project for the Rabbit R1, has revealed finding a security issue with the company's code that leaves users' sensitive information accessible to everyone. In an update posted on the Rabbitude website, the team said it gained access to the Rabbit codebase on May 16 and found "several critical hardcoded API keys." Those keys allow anybody to read every single response the R1 AI device has ever given, including those containing the users' personal information. They could also be used to brick R1 devices, alter R1's responses and replace the device's voice.
The API keys they found authenticate users' access to ElevenLabs' text-to-speech service, Azure's speech-to-text system, Yelp (for review lookups) and Google Maps (for location lookups) on the R1 AI device. In a tweet, one of Rabbitude's members said that the company has known about the issue for the past month and "did nothing to fix it." After they posted, they said Rabbit revoked Elevenlabs' API key, though the update broke R1 devices for a bit.
In a statement sent to Engadget, Rabbit said it was only made aware of an "alleged data breach" on June 25. "Our security team immediately began investigating it," the company continued. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details." It didn't say if it revoked the keys the Rabbitude team said it found in the company's code.
Rabbit's R1 is a standalone AI assistant device designed by Teenage Engineering. It's meant to help users accomplish certain tasks, like placing food delivery orders, as well as to quickly look up information like the weather. We gave it a pretty low score in our review, because we found that its AI functionality often didn't work. Further, users can simply use their phone instead of having to spend an extra $199 to buy the device.
This article originally appeared on Engadget at https://www.engadget.com/rabbit-r1-security-issue-allegedly-leaves-sensitive-user-data-accessible-to-anybody-120024215.html?src=rss https://www.engadget.com/rabbit-r1-security-issue-allegedly-leaves-sensitive-user-data-accessible-to-anybody-120024215.html?src=rssInicia sesión para agregar comentarios
Otros mensajes en este grupo.
![FCC chair asks telecoms companies to prove they're actually trying to stop political AI robocalls](https://www.cdn5.niftycent.com/a/1/V/5/o/g/P/fcc-chair-asks-telecoms-companies-to-prove-they-re-actually-trying-to-stop-political-ai-robocalls.webp)
FCC Chairwoman Jessica Rosenworcel has drafted a series of letters to nine major telecom c
![The AI prison of the future is just an Outer Limits episode](https://www.cdn5.niftycent.com/a/D/m/8/A/z/W/the-ai-prison-of-the-future-is-just-an-outer-limits-episode.webp)
According to the Prison Policy Institute, the US has a higher incarceration rate per 100,000 people in its popul
![Life is Strange spiritual successor delayed to avoid Life is Strange sequel](https://www.cdn5.niftycent.com/a/1/9/K/8/7/Y/life-is-strange-spiritual-successor-delayed-to-avoid-life-is-strange-sequel.webp)
Lost Records: Bloom & Rage is a brand-new game from the creators of Life is Strange. It's be
![Amazon investigating Perplexity AI after accusations it scrapes websites without consent](https://www.cdn5.niftycent.com/a/e/a/a/N/j/j/amazon-investigating-perplexity-ai-after-accusations-it-scrapes-websites-without-consent.webp)
Amazon Web Services has started an investigation to determine
![EU competition chief jabs at Apple from both sides over AI delay](https://www.cdn5.niftycent.com/a/e/b/9/Q/N/L/eu-competition-chief-jabs-at-apple-from-both-sides-over-ai-delay.webp)
It's safe to say Apple and the European Commission aren't exactly bosom buddies. The two sides have been at log
![Prime Day 2024 early deals you can shop ahead of the Amazon sale on July 16-17](https://www.cdn5.niftycent.com/a/e/7/v/r/K/5/prime-day-2024-early-deals-you-can-shop-ahead-of-the-amazon-sale-on-july-16-17.webp)
Amazon Prime Day 2024 will arrive shortly, bringing a deluge of discounts and deals on everything from household es
![Lego made bricks out of meteorite dust and they’re on display at select stores](https://www.cdn5.niftycent.com/a/1/Y/r/P/l/K/lego-made-bricks-out-of-meteorite-dust-and-they-re-on-display-at-select-stores.webp)