【】
"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.
Rabbit and its R1 AI device has already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.
SEE ALSO:I tested Rabbit R1 vs. Meta AI: The winning AI assistant will surprise youThe report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.
What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.
The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.
But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.
If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is at best, not worth the money, and at worst, incapable of keeping your data private.
TopicsArtificial IntelligencePrivacy
相关文章
One of the most controversial power struggles in media comes to a close
One of the world's biggest media companies has been embroiled in a complex personal and professional2024-09-20巴西VS克羅地亞:大膽預測巴西爆冷出局 格子軍團點球大戰笑到最後(克羅地亞與西班牙預測)
巴西VS克羅地亞 :大膽預測巴西爆冷出局 格子軍團點球大戰笑到最後克羅地亞與西班牙預測)_世界杯 ( 克羅地亞,巴西 )www.ty42.com 日期:2022-12-08 00:00:00| 評論(2024-09-20【波盈足球】 世足相信隊友 「魔笛」:李瓦柯維奇會擋下所有球 ( 日本隊,西亞 )
【波盈足球】 世足相信隊友 「魔笛」 :李瓦柯維奇會擋下所有球 ( 日本隊,西亞 )www.ty42.com 日期:2022-12-06 00:00:00| 評論(已有354834條評論)2024-09-20【波盈足球】 法國足協1句話曝玄機 ?姆巴佩、吉魯老少「深情相視」 畫麵瘋傳 ! ( 美聯社,波蘭 )
【波盈足球】 法國足協1句話曝玄機 ?姆巴佩、吉魯老少「深情相視」 畫麵瘋傳! ( 美聯社,波蘭 )www.ty42.com 日期:2022-12-09 00:00:00| 評論(已有3545922024-09-20Fake news reports from the Newseum are infinitely better than actual news
Actual investigative journalism: who needs it?At least, that's what some people will likely conclude2024-09-20世界杯最後8場!梅西C羅GOAT之爭 ,內馬爾姆巴佩定足壇地位(明晚世界杯有幾場比賽)
世界杯最後8場!梅西C羅GOAT之爭 ,內馬爾姆巴佩定足壇地位明晚世界杯有幾場比賽)_世界杯 ( 葡萄牙,世界杯 )www.ty42.com 日期:2022-12-08 00:00:00| 評論(已有2024-09-20
最新评论