Rabbit is a formal and potentially problematic Rabbit R1claims that a now-fired employee gave the hackers and developers joint access to the company’s various API keys, allowing them to read users’ AI prompts and send messages from the company’s mail servers. The maker of the AI gadget still blames “external critics” while praising the security effectiveness of the R1. Still, it seems unlikely that their efforts will put an end to the ongoing cybersecurity SNAFU.
In June, a team of white hat hackers and developers calling themselves Rabbitude released a report of criticism They claim they gained access to much of Rabbit’s internal codebase and were able to tamper with hard-coded API keys, including those for the company’s text-to-speech service ElevenLabs, which could have allowed them to view all users’ past text-to-speech messages. Rabbit initially denied the issue, but has since changed its API keys.
In an email to Gizmodo, a Rabbit spokesperson wrote: “In June, an employee (now fired) leaked API keys to a self-described ‘hacktivist’ group, who wrote an article alleging that they had gained access to Rabbit’s internal source code and some API keys. Rabbit immediately revoked and rotated those API keys and moved additional secrets to AWS Secrets Manager.”
The company continues to claim that the hack took place in June. Rabbitude still claims it had access to the codebase and API keys going back to May. The hackers claim that Rabbitude knew about the API issues but chose to ignore them until Rabbitude went public with its findings the following month.
In a Signal chat, one of the Rabbitude hackers, who goes by the name Eva, disputed the timing of Rabbids’ incident, saying, “We had access for over two months.” They declined to comment on the allegations against the former Rabbids employee, citing “legal reasons,” but still criticized Rabbids’ choice to hard-code the API key.
“Even if they were insiders, they should not have hard-coded the key in the code, because that would allow any employee to access users’ production messages, even if there was no compromise,” Eva said.
Rabbit initially denied there was a problem with the codebase and API keys, and members of Rabbitude used them to prove they had access. I sent an e-mail Gizmodo and other media outlets were accessed through the AI device company’s internal mail server. Rabbit then changed all API keys to block access. The company eventually press release “These keys were only misused to send derogatory emails to Rabbit employees and a small number of journalists encouraging hacktivist activity.”
Rabbit claims its system is always reliable
The problem wasn’t that the hackers had sensitive Rabbit R1 user data, but that anyone on the Rabbit team had access to this information in the first place. Rabbitude pointed out that the company should not have hard-coded the API keys, as that would have given too much internal access. Rabbit still seems to downplay the issue, constantly belittling the developer group by referring to “self-proclaimed hacktivists” and the reporter who first pointed out the issue.
Problems continued to mount after Ravititude published its findings. Last month, the device maker share The Rabbit R1 has more troubling security issues. The company says that users’ answers are stored on the device itself and aren’t deleted even after users log out of their Rabbithole accounts. This means that users’ answers could be accessed via “jailbreak” after selling the device. Rabbit is limiting the amount of data stored on the device. For the first time since Rabbit released the device in late April, users can now factory reset the device from within Settings.
Rabbit hired cybersecurity firm Obscurity Labs to conduct penetration tests on Rabbit’s backend and the R1 devices themselves. The firm conducted the tests between April 29 and May 10, before the security allegations first surfaced. Obscurity Labs report This week they explained that while they were able to use a fairly basic attack to gain access to the Playwright script at the heart of R1’s systems, they didn’t gain access to the source code or credentials that would allow users to access their Uber or DoorDash accounts.
In an email to Gizmodo, Rabbit again maintained that its source code has not been made public. A company spokesperson said the report shows that the company’s security “is working as intended to sufficiently minimize the potential impact of an attack.” The company further asserted that even if hackers gained access to Rabbit’s systems, they “would not have access to any substantial information, including classified or other valuable information.”
Critics don’t seem too reassured. The report doesn’t do any penetration testing of how Rabbit stores users’ session tokens. After some critics complained, Obscurity Labs updated the report to say that Rabbit uses third-party companies to keep its data private, so its system is “out of scope.” As for Rabbitude, its members say the report doesn’t truly address their concerns.
“I wouldn’t even call it a pen test,” Eva said.
