Rabbit and its R1 AI gadget have once again picked up a very serious security concern. This time, the issue is not that the launcher can be installed as an Android app. Rabbitude, a group of researchers and developers in the tech field, found that Rabbit has hardcoded API keys in its codebase, thus exposing sensitive information.
Simply put, API keys are password-like digital credentials that allow access to a given service on the web. Specifically, these keys are used to interface between Rabbit's software and third-party web services (such as text-to-speech provider ElevenLabs or email sending service SendGrid), which means that whoever gets these keys can potentially access the data and services of Rabbit.
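A pre-commit style check for this kind of leak, as an added example that is not code from Rabbit or Rabbitude: it flags string literals shaped like a SendGrid key and long literals assigned to secret-looking names, while ignoring values read from the environment. The `SG.` + 22 + `.` + 43 character key shape is an assumption based on the commonly seen format, and every key value in the sample is constructed.

```python
import re

# Assumed SendGrid key shape: "SG." + 22 chars + "." + 43 chars.
SENDGRID_RE = re.compile(
    r"(?<![A-Za-z0-9_-])SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])"
)
# Generic rule: a secret-looking name assigned a long quoted literal.
ASSIGN_RE = re.compile(
    r"""\b([A-Z0-9_]*(?:api_?key|secret|token)[A-Z0-9_]*)\s*[:=]\s*["']([^"']{16,})["']""",
    re.IGNORECASE,
)


def redact(value):
    """Never echo a full secret into scanner output or CI logs."""
    return f"{value[:4]}...({len(value)} chars)"


def find_hardcoded_keys(source):
    """Return (line_no, rule, redacted_value) for each suspected hardcoded key."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in SENDGRID_RE.finditer(line):
            findings.append((line_no, "sendgrid-format key", redact(m.group(0))))
        for m in ASSIGN_RE.finditer(line):
            if SENDGRID_RE.search(m.group(2)):
                continue  # already reported by the format rule
            findings.append(
                (line_no, "literal assigned to " + m.group(1), redact(m.group(2)))
            )
    return findings


# Constructed sample source; both key values are fake.
FAKE_SENDGRID = "SG." + "A" * 22 + "." + "B" * 43
FAKE_TTS = "0123456789abcdef" * 2
SAMPLE = "\n".join([
    "import os",
    f'SENDGRID_API_KEY = "{FAKE_SENDGRID}"',       # hardcoded: flagged
    f'ELEVENLABS_API_KEY = "{FAKE_TTS}"',          # hardcoded: flagged
    'MAIL_KEY = os.environ["SENDGRID_API_KEY"]',   # read at runtime: not flagged
])

if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE):
        print(finding)
```

A key that has already shipped in a build must be revoked and reissued; removing it from the source does not undo the exposure.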
Rabbitude | September 21, 2017. Rabbitude discovered the keys over a month ago and saw the danger immediately. The keys, and notably the ElevenLabs API key, were reportedly capable of retrieving any capture made by an R1 device from the time it shipped until access was revoked. It is a major security flaw that can further lead to leakage of private information.
Rabbit did nothing to protect the data despite being alerted to the breach. Rabbitude said that it had access to the SendGrid key as late as earlier today, despite some of the keys being revoked. This implies that Rabbit has not, in fact, revoked all the keys yet.
Rabbit responded to the incident with a statement on its website. Company spokesman Ryan Fenwick said more details would be posted on the page as they become available. The statement also echoed one by Rabbit on its Discord channel, in which the company said it was looking into “the vulnerability” before adding that there had been no compromise of critical systems or customer data.
This spring, the Rabbit R1 launched and appeared poised to do great things for only a few users within weeks of coming out. I had almost no features on the device, along with unbelievable battery drain and frequent errors in AI answers. Though Rabbit has made a series of updates fixing bugs, the basic problem still exists: it overpromises and underdelivers.
This latest security breach significantly damages Rabbit’s reputation. With the company already struggling to meet user expectations, the discovery of such a serious security flaw makes it even harder to regain public trust.
The exposure of hardcoded API keys in Rabbit’s codebase by R1 jailbreakers is a major security concern. Rabbit needs to take immediate action to secure its systems and restore user confidence. Until then, users should remain cautious and stay updated with the latest information from the company.