"All [Rabbit] R1 responses ever given can Canadabe downloaded," according to an R1 research group called Rabbitude.
Rabbit and its R1 AI device have already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.
The report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.
What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.
The following day (June 26), Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.
But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.
If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is, at best, not worth the money and, at worst, incapable of keeping your data private.