After it was launched in late April 2024, the Rabbit R1 got a mixed bag of reviews, with many reviewers describing it as an unhelpful gadget or only scarcely more useful than Humane’s AI Pin. Digital Trends’ Joe Maring rated it a single star, writing, “The Rabbit R1 was supposed to be one of the hottest AI gadgets of the year. Instead, it’s a buggy, flawed, and unsuccessful mess in every way imaginable.”
As if launching a product flop wasn’t bad enough, Rabbit is now facing reports of a data breach that may have revealed sensitive user data. Rabbitude, a reverse engineering project for the Rabbit R1, is reporting it was able to gain access to the Rabbit codebase and found several hardcoded API keys in its codes.
The below isn’t an exhaustive list, but it allows anyone to do any of the following:
The following services also had their API keys exposed:
Rabbitude notes that the API keys for Elevenlabs give full privileges. These include getting a history of all past text-to-speech messages, changing voices, adding custom text replacements, deleting voices, and crashing the rabbitOS backend, essentially bricking all Rabbit R1 devices. Rabbit did, however, revoke the Elevenlabs API key, which also broke Rabbit devices for a period of time.
This is a fairly worrying set of permissions to allow on any device, but it’s extra troubling when it’s for an always-on voice-activated AI gadget loaded with cameras. Rabbitude says it reached out to the Rabbit Team, which is aware of the leaked API keys, but they “have chosen to ignore it,” and the API keys continue to be valid as of this writing.
all rabbit r1 responses could be read by us for the past month and rabbit knew about it and did nothing to fix it.https://t.co/r6NmhZJY5W
— xyzeva (@xyz3va) June 25, 2024
Endgadget similarly reached out to the company and received confirmation that Rabbit is aware of the “alleged” data breach as of June 25. “Our security team immediately began investigating it,” the company said. “As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details.”
As far as security failures go, this seems to be a fairly serious one. While the Rabbit R1 is a neat device, it’s also heavily flawed, and the security issues are sufficient enough that we recommend that you stop using it, at least for now. After all, there’s nothing your $199 Rabbit R1 (separate data plan required) can do that your smartphone can’t.
Related Posts
Android phones can warn you if you open financial apps during a scam call
Whenever Android detects that you are on a call with a number not saved in your contacts, and you open a supported financial app, it will trigger a protective alert.
Your phone can now tell you when a text looks like a scam
Since our messaging apps are constantly getting hammered with sophisticated fraud - from those fake "delivery fee" demands to weird promises of free money - Google is stepping in to help you spot the fakes at a glance.
Your notifications just got smarter and quieter with Google’s new update
Right now, this is hitting Pixel devices, with Samsung, OnePlus, and others expected to catch up soon (likely via updates like One UI 8.5). This isn't just a bug fix; it’s a serious upgrade list. We’re talking AI-powered notification summaries, a smart Notifications Organizer that cleans up your shade, auto-themed icons that actually match your wallpaper, and a much smarter dark mode.