Rabbit R1 hacked using old vulnerability: avoid second-hand devices


If you’re paying $199 for the Rabbit R1, you might as well use the whole device. Cybernews researchers have gained root access to the AI personal assistant by exploiting a vulnerability from five years ago. Beware if you’re considering a second-hand Rabbit R1.

No device is secure from hackers with ample time and expertise, and the Rabbit R1 is no exception.

The Cybernews research team discovered that the orange box is vulnerable to a public exploit dubbed Kamakiri. This exploit has been disclosed since January 2019 and affects several MediaTek systems on chip (SoCs).

ADVERTISEMENT

Rabbit R1 runs on the MediaTek MT6765V SoC, which has eight Arm cores in a big.LITTLE configuration, similar to the ones used in budget phones a few years ago.

The exploit allows an attacker with physical access to the device to obtain the highest privileges, access and edit storage contents, and modify the device’s firmware.

“Such a vulnerability allows a third party with physical access to modify the device firmware to add malicious code. That includes not only applications but malicious code could also be injected into the kernel or system processes,” researchers said.

Kamakiri is a widely used exploit to hack and modify Android devices. It allowed researchers to dump Rabbit R1’s original firmware, modify it, disable Android Verified Boot, install and run the altered firmware.

Tinkerers use such exploits to gain root privileges, change settings, install custom OSes, and add features or apps. For example, a jailbroken Rabbit R1 could be overclocked, run the TikTok app, NES emulator, or any other code. However, malicious actors can also find many uses.

“The vulnerability effectively bypasses owner protections and allows thieves to erase, factory reset and resell the device, negating the ‘Mark as lost’ functionality. Buying the device secondhand comes with great risk, as users won’t be able to check if the device has been tampered with and what software is running on it,” researchers warn.

Hackers could quite easily modify the device with backdoors tracking all user activity on the device, remotely access the microphone, camera, and inputs, scan the home network for other devices and vulnerabilities, carry out DDoS attacks, or use the AI in the box for other nefarious purposes.

Although tech reviewers may not have given the Rabbit R1 favorable feedback, the developers at Rabbit Inc. are adding new features and claim that it’s the best-selling AI device, with more than 100,000 units sold.

ADVERTISEMENT

How does the exploit work?

An initial review of the device revealed that Rabbit OS runs on Android 13, released on August 15th, 2022. Its most recent security patch is dated May 5th, 2023.

The firmware contained a largely unmodified Mediatek Board Support Package, with a handful of apps installed. The user primarily interacts with the RabbitLauncher APK, which acts as a user interface and handles the connected experiences with Rabbit’s servers. This app handles all the logic and functionality of the device.

patch-rabbit

The researchers also disassembled the device and found what appeared to be a debugging interface. However, it turned out to be disabled or used for other purposes.

disassembly-rabbit

“While trying to interact with the device, we discovered that a USB connection can be established when the device is turned off. Public Kamakiri exploits allow bypassing of authentication and security checks, as well as accessing the storage of the device. Dumping the original firmware took over 24 hours using specialized tools. However, it was needed for an analysis and backup,” the report reads.

dumping-firmware

The exploit enabled options for factory resetting the device and deleting user data and metadata.

r1-recovery
ADVERTISEMENT

Together with MediaTek’s application suite, the device includes additional apps such as “RabbitLauncher,” “RabbitIme,” and “R1SystemUpdater”. The “Build.prop” file revealed system variables and configuration.

Sources on the internet suggested that changing the “ro.secure,” “ro.adb.secure,” and “ro.debuggable” variables enable ADB (Android Debug Bridge) on boot. The device firmware had ADB originally disabled. ADB is often used by developers to access various system functions that are not accessible to ordinary users.

“Once these changes were flashed onto the device, it loaded the fastboot mode and refused to boot the unsigned image. With some extra steps, we were able to disable Android Verified Boot and make the device boot to the new firmware. Other developers shared similar jailbreaks on GitHub,” researchers noted.

It demonstrates that it’s possible to install a regular Android Open Source Project on Rabbit R1, like on any other Android device, with any modifications. The Cybernews research team was able to add new apps and modify system settings. The device is also capable of running malicious code.

r1-launcher-selection

Our researchers also noted that this method left the device displaying a warning message on every boot-up, indicating that it runs unlocked and potentially dangerous firmware. While there are possible solutions to remove these warnings, researchers did not attempt this due to time constraints.

“All of the access that was acquired was possible due to the “Kamakiri” exploit. This exploit was released in January 2019. This vulnerability utilizes a buffer overflow condition as a security bypass to read and write to the whole flash (eMMC) chip. Consequently, an attacker can dump or replace the firmware stored on it,” researchers concluded.

Why was the five-year-old vulnerability not patched?

The Rabbit R1 device uses MediaTek's chip that was labeled as released in the first quarter of 2023. However, software tools have identified the chip as MT-6765/MT8768t (Helio P35/G35) from 2018.

“It may be a rebranded older chip, with the only difference being that it was slowed down by 100 Mhz on some of its cores while leaving all other specs and features the same. That could explain why it is using an older, vulnerable codebase at its low-level firmware,” researchers noted.

ADVERTISEMENT

MediaTek has released multiple patches on similar common vulnerabilities and exploits (CVEs) in the past. Therefore, it remains unclear why the new device was discovered to be vulnerable to Kamakiri.

“Either MediaTek Provided outdated firmware to the Rabbit team, or this particular version of the old exploit was never discovered and patched by MediaTek, even though it is widely used in the Android hacking communities,” the Cybernews research team speculated.

Rabbit said they’re investigating ways to address this potential risk with their manufacturing partner and have hired additional security resources to focus on hardware security to prevent situations like this in the future.

“While we embrace the spirit of innovation, we must caution against tampering with or jailbreaking R1. Doing so disconnects the user from the secure rabbit ecosystem, and regrettably, we won’t be able to offer the support they might need if any issues emerge,” the company warned in a comment to Cybernews.

“Our roadmap with R1 is continuously evolving, and although there are no specific updates to share at this moment, we will continue to evaluate the best way to engage with third-party developers.”

Avoid used Rabbit R1s or those sold by third parties

Due to Rabbit R1’s software security and design decisions, the device provides limited functionality and settings that the user can interact with. That may appear to improve the device's security, although it comes with multiple downsides. Users cannot identify if malicious code is present on their devices or remove malicious code from them. Also, there’s no way to factory reset a device.

“One possible attack vector could be exploited by malicious actors selling the tampered devices on eBay or other platforms. Similar incidents happened before with other Android devices, such as set-top TV boxes,” researchers warn.

To remove any potentially malicious code from the device and reset it to its original state, the user would need technical knowledge to make use of available exploits, as well as a copy of the original Rabbit R1 firmware, which the company does not provide.

Rabbit R1 stores the user‘s personal data on the device. While it is encrypted securely using hardware keys and therefore not easily accessible, this is another consideration before buying a used device or trying to sell one.

ADVERTISEMENT

Researchers warn against repeating this experiment at home or tampering with hardware’s firmware in any way. This voids the warranty, lacks a documented procedure, and carries the risk of bricking the device or compromising its security, stability, or functionality.

The Rabbit R1 was announced in January 2024, and the first devices were shipped in April 2024. Rabbit Inc. raised at least $30 million in funding for the project.

Update: Rabbit said they made a number of changes in the software update last week to address security. The Factory Reset option is now available via the settings menu. Customers should use this option to erase all data from their R1 prior to transferring ownership. Rabbit also reduced the amount of log data stored on the device, and pairing data can no longer be logged or used to read from the device.

Updated on July 17th [06:30 a.m. GMT] with additional information from Rabbit.