A serious security vulnerability has been discovered in the Rabbit R1, a handheld AI device designed to simplify everyday tasks. The flaw could allow unauthorized access to users' text prompts, potentially exposing sensitive personal information.
The R1, developed by an AI-focused company, functions as a voice-controlled assistant, similar to existing smart assistants on the market. Users can make requests like ordering food or sending messages, which are transmitted to a cloud-based system for processing. However, a recent report from "rabbitude," a community of R1 developers, reveals a concerning security gap.
The report claims that requests sent from the R1 can be intercepted due to hardcoded API keys. These keys reportedly contain responses generated by the device, which often include sensitive user data. This vulnerability could allow malicious actors with access to these keys to obtain information such as locations, contacts, and other private details.
Adding to the concern, "rabbitude" alleges that the company was aware of the security issue but had not taken steps to address it. However, the company informed Engadget that an alleged data breach was investigated, and no vulnerabilities were found. They stated they were unaware of any customer data being compromised.
This isn't the first time the Rabbit R1 has faced criticism. Upon its release, the device was considered underdeveloped despite its affordable price point.