Rabbit R1 jailbreakers uncover huge security flaws, including some that let internal data be viewed by literally anyone

(Image credit: Rabbit)

The Rabbit R1 has been found to contain multiple security vulnerabilities which not only could have allowed threat actors to read other people’s sensitive information, but also allowed them to send emails from the rabbit.tech subdomain.

Rabbitude, a community that formed around the unique AI assistant device, with the goal of reverse engineering the device, recently published two separate articles, outlining how in mid-May 2024, researchers gained access to the Rabbit codebase, where they found “several critical hardcoded API keys” in the code.

These keys allow anyone to read every response every R1 has ever given, including ones containing personal information, brick all r1 devices, alter the responses of all devices, replace every R1’s voice, and more.

Revoking APIs

The hardcoded APIs were for ElevenLabs (for text-to-speech), Azure (for an old text-to-speech system), Yelp (for review lookups) and Google Maps (for location lookups).

Soon after being made aware of the mishap, the team behind Rabbit R1 revoked the four keys and said that there is no evidence of customer data being leaked, or company systems being compromised. One of the keys was revoked improperly, leading to a temporary outage in text-to-speech services.

However, Rabbitude said it deliberately omitted finding a fifth hardcoded API, which allegedly “provides access to a complete history of emails sent on the r1.rabbit.tech subdomain.” This subdomain, the researchers claim, is primarily used for the R1’s spreadsheet-editing functions, which means it includes user information, too.

“It also allows us to send emails from rabbit.tech email addresses,” the researchers proclaimed.

In a statement sent to Engadget, Rabbit said it was only made aware of an "alleged data breach" on June 25.

"Our security team immediately began investigating it," the company continued. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details."

More from TechRadar Pro

Tech bosses are desperate to make AI PCs happen — and spoiler alert, they probably will
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.