【】

发布时间：2025-04-24 12:16:05 作者：玩站小弟

"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called R 。

"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.

Rabbit and its R1 AI device has already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.

SEE ALSO:I tested Rabbit R1 vs. Meta AI: The winning AI assistant will surprise you

The report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.

The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.

But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.

If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is at best, not worth the money, and at worst, incapable of keeping your data private.

TopicsArtificial IntelligencePrivacy

Tag：

Fiji wins first
Fiji's men's rugby sevens team has made history by defeating Great Britain and claiming the country'
2025-04-24
確定了！2023年，這筆錢免收！
確定了！2023年，這筆錢免收！_足球 - 世界杯，歐洲杯，天下體育，足球，世界杯，籃球，羽球，乒乓球，球類, 棒球 ( 老百姓,家電 )www.ty42.com 日期:2023-03-02 00:
2025-04-24
Apple reportedly paid OpenAI zero dollars for its ChatGPT partnership
How much money was exchanged between Apple and OpenAI in its new partnership? Zero dollars. Accordin
2025-04-24
向日葵餡餅麵包的做法
你家孩子愛吃你做的菜嗎？相信很多人不敢點頭吧。孩子不愛吃家裏的菜，容易引發偏食厭食，非常影響身心的發展。所以，為了孩子的健康，你應該跟我學學如何做好向日葵餡餅麵包1.1再將高筋粉200克，鹽0.5小勺
2025-04-24
Dramatic photo captures nun texting friends after Italy earthquake
The image of an injured, bloodied nun, calmly texting friends and family in the wake of the deadly e
2025-04-24
蓮藕胡蘿卜丸子的做法
對於中老年人來說，人生一半可以說是過去了。在剩下了的生命裏，要做的就是享受生命。享受生命得從生活的細節開始，比如說一日三餐。很多中老年人有許多美食來沒享受到，下麵就讓小編來介紹一下如何來做蓮藕胡蘿卜丸
2025-04-24

焦點

熱點

探索

知識

娛樂

休閑

百科

綜合

【】

相关文章

最新评论

文章分类

大家感兴趣的内容

最近更新的内容

友情链接