There seems to be no rest for the Rabbit R1 project, which after a debut with lukewarm reviews is now facing a very serious security problem. A flaw was discovered that would have exposed confidential user data to malicious agents, giving access to all the responses that the device gives to requests.
According to the manufacturers, the vulnerability has not been exploited, but it is a new blow for a device that was presented with great expectation at the Consumer Electronics Show (CES) in Las Vegas, but which at the time of its launch was hopelessly shipwrecked.
We tested the Rabbit R1. Is it as bad as they say?
Rabbit’s new artificial intelligence device, which promised to revolutionize the technology sector, fails to meet the expectations of early adopters, including WIRED.
The Rabbit R1 security flaw
The Rabbit R1 seemed destined to be one of the gadgets of the year, since it proposes using artificial intelligence (AI) for a natural and comfortable interaction, almost completely replacing the smartphones. The small AI device with a touch screen and camera aims to do everything by itself, for various tasks ranging from requesting information to more complex actions, such as booking tickets, listening to the user’s needs. However, the first criticisms that appeared pointed to a malfunction and a still immature system, while the first teardowns suggested that it was nothing more than a simple Android application wrapped in a pretty and attractive design.
The security alert was given by the group of jailbreak and reverse engineering Rabbitude, with the discovery of encrypted API (application programming interface) keys that would have allowed access to accounts of external services, such as ElevenLabs’ AI speech generator or the SendGrid email client used internally. What would have been the dangers if an attacker had exploited the vulnerability granted by this flaw?
According to the team that released it, it would have been possible to obtain all the responses provided by the device to user requests, with an obvious exposure of confidential information and personal data, and to the detriment of privacy.
The manufacturers of the Rabbit R1 confirmed that the flaw has not been exploited by hackers so far and they created a page to try to clarify the matter, but they have not yet published any significant updates on the causes or effects of the problem.
Article originally published in WIRED Italia. Adapted by Andrei Osornio.
He hardware with integrated generative AI still does not meet expectations
The wearables Rabbit and Humane’s AI games received negative reviews, including from WIRED. This shows that it is still difficult to compete with Big Tech in the era of ChatGPT.
