Researchers Prove Rabbit AI Breach by Sending Email to Us as Admin
Researchers found a security flaw in the Rabbit R1 AI assistant that exposed hardcoded API keys. Hackers could access sensitive data, impersonate the company, and send emails. The Rabbitude group aims to improve the device's security and functionality.
Researchers discovered a security flaw in the Rabbit R1 AI assistant device, revealing hardcoded API keys that exposed sensitive data. The flaw allowed access to all R1 responses and enabled hackers to impersonate the company for services like text-to-speech and email sending. The group Rabbitude, dedicated to analyzing Rabbit's technology, identified the issue and demonstrated it by sending emails from internal admin addresses. Rabbit R1, essentially an Android app utilizing off-the-shelf APIs, has faced criticism for its poor design and security vulnerabilities. Rabbitude aims to enhance the device's functionality through reverse engineering and public disclosures. The incident underscores the importance of robust security measures in IoT devices to prevent unauthorized access and data breaches.
Discussion: https://news.ycombinator.com/item?id=40801523