
Serious vulnerability discovered in Rabbit R1: all user data at risk

Vulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?

The Rabbitude group has discovered a vulnerability in the Rabbit R1 AI device that exposes crucial API keys. These keys allow unauthorized access to users' personal data. Rabbit has revoked an API key and is investigating, but has found no evidence of a breach so far.


A team of tech enthusiasts called Rabbitude has found a serious vulnerability in the code of the Rabbit R1 AI assistant device. The group members, engaged in a reverse engineering project, said they had gained access to the source code of the Rabbit R1 as of May 16. During the analysis, they found some crucial API keys stored in plaintext within the code. These keys are fundamental to the integrity and security of the device, as they allow access to data and associated services.

Risks to users' personal data

The API keys detected in the Rabbit R1 source code could expose users' personal data to unauthorized access. The keys allow not only access to the responses processed by the device, but also disabling the unit, manipulating the responses it provides or even altering the voice it uses. The severity of the situation has caused great concern among users and cybersecurity experts, who fear a possible breach of the personal data held by the AI assistant device.

Service implications of the Rabbit R1

The identified API keys are used to authenticate access to various services essential for the operation of the Rabbit R1. These include ElevenLabs for text-to-speech, Azure for speech-to-text, Yelp for review search, and Google Maps for geolocation information. Following the discovery of the vulnerability, Rabbit decided to revoke the ElevenLabs API key, which caused temporary outages for users of the device. This measure was essential to mitigate the immediate risk, but it highlighted the seriousness of the security issue.
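A defender-side check for the flaw described above, API keys stored in plaintext in source code, as an added example that is not Rabbit's or Rabbitude's code. The variable names, the sample source, the key values and the entropy threshold are all assumptions made for illustration; the scanner reports only a redacted prefix so the findings can be logged safely.

```python
import math
import re

# Quoted literal of 16+ chars assigned to a credential-looking name.
ASSIGN = re.compile(
    r"""\b([A-Z0-9_.]*(?:api[_-]?key|secret|token|passw(?:or)?d)[A-Z0-9_]*)
        \s*[:=]\s*["']([^"']{16,})["']""",
    re.IGNORECASE | re.VERBOSE,
)
# Shape commonly used by secret scanners for Google API keys.
GOOGLE_KEY = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def shannon_entropy(text):
    """Bits per character; random keys score higher than placeholders."""
    probs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in probs)


def redact(value):
    """Report enough to locate the secret without copying it into logs."""
    return f"{value[:4]}...({len(value)} chars)"


def scan(source, min_entropy=3.5):
    """Return (line number, rule or variable name, redacted value) tuples."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = GOOGLE_KEY.search(line)
        if match:
            findings.append((lineno, "google-api-key", redact(match.group(0))))
            continue
        match = ASSIGN.search(line)
        if match and shannon_entropy(match.group(2)) >= min_entropy:
            findings.append((lineno, match.group(1), redact(match.group(2))))
    return findings


# Constructed sample source: every name and value below is invented.
SAMPLE = '''\
import os
ELEVENLABS_API_KEY = "3f9a1c7e5b2d4860a1b2c3d4e5f60718"
maps_key = "AIzaSyCONSTRUCTED-example-key-000000000"
API_KEY = "YOUR_API_KEY_HERE"
azure_token = os.environ["AZURE_SPEECH_KEY"]
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The placeholder on line 4 and the environment lookup on line 5 of the sample are not reported: the first falls below the entropy threshold and the second assigns no literal.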

Response and statements from the Rabbit company

In response to the concerns raised, Rabbit released an official statement saying that it was only made aware of a possible data breach on June 25. It later told Engadget that its security team had launched an investigation immediately. At this time, Rabbit claims to have found no evidence of unauthorized access to customer personal data or compromises of its systems. However, the company promised to provide further updates should new relevant information emerge regarding the security of the Rabbit R1 and the protection of its users' data.


07/01/2024 19:47

Marco Verro
