The Rabbitude developer community has discovered a critical vulnerability in the code of the Rabbit R1 device that could lead to the leak of confidential information, Habr reports.
Developers accessed the Rabbit R1 database on May 16 and discovered several “hard-coded API keys” that allow any user to access the AI device’s responses, including personal data.
Therefore, AI requests and responses passing through the Rabbit cloud system contain confidential information from users of ElevenLabs, Azure, Yelp, and Google Maps services. The vulnerability allows attackers to intercept the R1 device, modify responses, and perform other actions.
The developers also stated that Rabbit was aware of the issue but did not take action to fix it. In response to the allegations, the creators of Rabbit R1 stated that they were not aware of any customer data leaks or any system breaches.
However, Rabbit soon revoked the API keys of 11 companies and added a page on its website dedicated to investigating the vulnerability.
Rabbit R1 is an AI device with built-in ChatGPT. As it turned out shortly after the release of the gadget, Rabbit R1 runs not on its own Rabbit OS operating system, as the developers stated, but on Android with a custom shell.