Critical Rabbit R1' security flaw leaves user data at risk

Updated on June 28th with a statement from Rabbit and a comment from Traceable AI.

The company that created the virtual assistant Rabbit R1 hardcoded several critical API keys, potentially putting users' private data vulnerable to hackers. The company says that it rotated the API keys shortly after it was aware of the issue.

Since the official launch of Rabbit R1 in late April, there have been numerous criticisms aimed at the device and its creator Rabbit.

Shortly after initial reviews revealed that the device lacked basic functionality, among many other issues, it was disclosed that the device's entire interface was powered by a single Android app.

Now, a team of R1's community researchers called Rabbitude claim that they gained access to the Rabbit codebase and found critical keys embedded directly into the source code.

"The keys allow anyone to read every response every R1 has ever given, including ones containing personal information, brick all R1's, alter the responses of all R1's, and replace every R1's voice, and more," the researchers say in a blog post.

API keys include its text-to-speech service ElevenLabs, Azure, Google Maps, Yelp, and email provider SendGrid.

Eleven Labs keys, for example, give full privileges and allow users to get a history of all past text-to-speech messages, change Rabbit R1's assistant voices, and add custom ter replacements, Rabbitude says.

It also allows the deletion of voices and crashes the rabbitOS backend, thus rendering all R1 devices useless.

According to the researchers, who describe themselves as a reverse engineering project that reverses, hacks, and experiments with the R1, Rabbit has known about the Eleven Labs vulnerability since May but hasn't taken action to rotate the API keys.

The group also told 404 Media it had the API key for SendGrid, Rabbit's email provider.

"It provides access to a complete history of emails sent on the subdomain. This subdomain is primarily used for the R1's spreadsheet-editing functions, meaning that it also includes user information contained within those spreadsheets. it also allows us to send emails from email addresses" said Rabbitude in a separate blogspot.

Rabbit’s response

The Rabbit team said it was made aware of a potential issue on June 25th, and acted upon the incident immediately. The company claims it commenced an investigation to correct the issue.

According to the company, the Rabbit security team rotated the keys to specific APIs, which caused downtime on the devices for a brief period

Rabbit also says that it wasn't aware of customer data being leaked or any compromise to its system and it is still investigating the issue.

API keys for artificial intelligence (AI) are sensitive, as they allow companies to integrate their services into their products. That specific key enables the AI services company to track the usage of that account and charge the person or company using it. They should not be embedded directly in the source code.

Richard Bird, CSO at Traceable AI, said that Rabbit’s recent jailbreaking clearly shows that the power of APIs to create value and business benefit is running headlong into a series of security problems that haven’t been fixed for years.