Rabbit, the company behind the perfunctory and potentially problematic Rabbit R1, now claims that a since-fired employee gave a hacker and developer collective access to all its various API keys, allowing them to read users’ AI prompts and send messages from the company’s own email server. The makers of the AI doohickey are still calling out “external critics” while extolling the effectiveness of the R1’s security. Still, it doesn’t seem like their efforts will put an end to the ongoing cybersecurity SNAFU.
Back in June, a team of white hat hackers and developers calling themselves Rabbitude released a damning report claiming they gained access to many of Rabbit’s internal codebase and could fool around with a number of hardcoded API keys. This included a key to the company’s connection with text-to-voice service ElevenLabs, which could grant them a look at all users’ past text-to-speech messages. Rabbit first denied an issue but has since changed its API keys.
In an email to Gizmodo, a Rabbit spokesperson wrote, “In June, an employee (who has since been terminated) leaked API keys to a self-proclaimed ‘hacktivist’ group, which wrote an article claiming they had access to Rabbit’s internal source code and some API keys. Rabbit immediately revoked and rotated those API keys and moved additional secrets into AWS Secrets Manager.”
The company has continued to claim the hacking effort took place in June. Rabbitude still maintains it had access to the codebase and API keys going back into May. The hacker collective claims that Rabbit knew of the API issue but chose to ignore it until Rabbitude published its findings the following month.
Over Signal chat, one of the Rabbitude hackers, who goes by Eva, rebutted Rabbit’s alleged timing of events, saying, “We had access for over two months.” They declined to comment on Rabbit’s claims about a former employee, citing “legal reasons,” but they still derided Rabbit for its choice to hardcode the API keys.
“Even if it was an insider, they shouldn’t have hardcoded the keys in their code, as it means any employee could have access to users’ production messages, even if they weren’t breached,” Eva said.
Rabbit initially denied there was an issue with the codebase and API keys. To prove they had access, a member of Rabbitude sent an email from the AI device company’s internal email server to Gizmodo alongside several outlets. Rabbit later changed all API keys to block access. The company eventually said in a press release that “the only abuse of those keys was to send defamatory emails to rabbit employees” and “a small number of journalists who encourage the work of hacktivists.”
Rabbit Claims its Systems Were Always Reliable
The problem was never that the hackers were holding onto sensitive Rabbit R1 user data but that anybody on Rabbit’s team had access to this info in the first place. Rabbitude pointed out that the company never should have hardcoded its API keys, which allows too many people internal access. Rabbit still seems to be glossing over that issue, all while belittling the group of developers with its constant reference to “self-proclaimed hacktivists” or the reporters who pointed out the problem in the first place.
The issues just kept piling on even after Rabbitude published its findings. Last month, the device maker shared even more troubling security issues with the Rabbit R1. The company said users’ responses were being saved onto their device itself, and they weren’t being removed even after they logged out of their rabbithole account. This meant users’ responses could be accessed via a “jailbreak” after selling off their devices. Rabbit is limiting the amount of data that gets stored on-device. For the first time since Rabbit released the device in late April, users can finally choose to factory reset their device through settings.
Rabbit hired cybersecurity firm Obscurity Labs to conduct a penetration test into Rabbit’s backend and the R1 device itself. The firm conducted the tests from April 29 through May 10, before the security controversies first came to life. Obscurity Labs released its report this week, describing how they could use some pretty basic attacks to access the Playwright scripts at the heart of the R1’s systems but couldn’t access the source code or credentials that let users access their Uber or DoorDash accounts.
In an email to Gizmodo, Rabbit again claimed that the company’s source code had not been exposed. A spokesperson for the company said the report shows their security “is working as intended to minimize the potential impact of an attack sufficiently.” The company further claimed that when hackers access Rabbit’s systems, “they are unable to access anything of substance, including sensitive or other valuable information.”
Critics aren’t feeling very mollified. The report pointedly does not pentest how Rabbit stores users’ session tokens. After some critics complained, Obscurity Labs updated the report to say that that system was “out of scope” since Rabbit uses a third-party company to keep that data private. As far as Rabbitude is concerned, members say that the report doesn’t truly address their concerns.
“I wouldn’t even call it a pentest,” Eva said.
Trending Products
