【】

"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.
Rabbit and its R1 AI device has already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.
SEE ALSO:I tested Rabbit R1 vs. Meta AI: The winning AI assistant will surprise youThe report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.
What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.
The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.
But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.
If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is at best, not worth the money, and at worst, incapable of keeping your data private.
TopicsArtificial IntelligencePrivacy
相关文章
WhatsApp announces plans to share user data with Facebook
Big changes are coming to WhatsApp. 。On Thursday, WhatsApp announced in a blog post it will begin sha2025-04-03- 曼聯明夏首要目標簽下哈蘭德 朗尼克將成紅魔殺手鐧_薩爾茨堡_歐冠_萊比錫紅牛www.ty42.com 日期:2021-12-22 10:01:00| 評論(已有320977條評論)2025-04-03
- 於根偉 :卡達爾賽季基本報銷 保級隊積分沒有拉開_比賽_青島_滄州www.ty42.com 日期:2021-12-20 14:31:00| 評論(已有320653條評論)2025-04-03
- 郭田雨或成下位留洋球員? 泰山人員儲備豐厚是否有底氣放手_中鋒_分析_消息www.ty42.com 日期:2021-12-21 11:31:00| 評論(已有320805條評論)2025-04-03
Olympian celebrates by ordering an intimidating amount of McDonald's
It's no secret that Olympians have to eat clean for years to ensure they're at peak physical conditi2025-04-03- 李磊國安生涯回顧 :效力七載 隨隊獲2018年足協杯冠軍_賽季_北京中_官方www.ty42.com 日期:2021-12-20 19:31:00| 評論(已有320695條評論)2025-04-03
最新评论