
Serious vulnerability discovered in Rabbit R1: all user data at risk

Vulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?

The Rabbitude Group has discovered a vulnerability in the Rabbit R1 AI device that exposes crucial API keys. These keys allow unauthorized access to users' personal data. Rabbit has revoked an API key and is investigating, but has found no evidence of violations so far.


Rabbitude, a team of tech enthusiasts, has found a serious vulnerability in the code of the Rabbit R1 AI assistant device. The group's members, who are working on a reverse engineering project, said they had gained access to the source code of the Rabbit R1 as of May 16. During their analysis, they discovered some crucial API keys stored in plaintext within the code. These keys are fundamental to the integrity and security of the device, as they allow access to data and associated services.

Risks to users' personal data

The API keys found in the Rabbit R1 source code could expose users' personal data to unauthorized access. The keys allow not only access to the responses processed by the device, but also disabling the unit, manipulating the responses it provides, or even altering the voice it uses. The severity of the situation has caused great concern among users and cybersecurity experts, who fear a possible breach of the personal data held by the AI assistant device.

Service implications of the Rabbit R1

The identified API keys are used to authenticate access to various services essential to the operation of the Rabbit R1. These include ElevenLabs for text-to-speech, Azure for speech-to-text, Yelp for review search, and Google Maps for geolocation information. Following the discovery of the vulnerability, Rabbit decided to revoke the ElevenLabs API key, which caused temporary outages for users of the device. The measure was essential to mitigating the immediate risk, but it highlighted how critical the security issue is.

Response and statements from the Rabbit company

In response to the concerns raised, Rabbit released an official statement saying that it was only made aware of a possible data breach on June 25. It later told Engadget that its security team had launched an investigation immediately. At this time, Rabbit claims to have found no evidence of unauthorized access to customers' personal data or of any compromise of its systems. However, the company promised to provide further updates should new relevant information emerge regarding the security of the Rabbit R1 and the protection of its users' data.


07/01/2024 19:47

Marco Verro
