The exposed API keys were discovered by a group called Rabbitude, a community of hackers and developers who have been reverse engineering the Rabbit to understand its workings, identify security issues, jailbreak the devices, and add additional features. This is the latest in a series of design flaws for the device, which is essentially an Android app running requests through a series of off-the-shelf APIs.
Key takeaways:
- The Rabbit R1 AI assistant device had critical API keys hardcoded and exposed in its code, which could have allowed hackers to see and download all responses ever given by the device.
- The exposed API keys could have allowed a hacker to use various services, including text-to-speech services and email sending services, as if they were the company.
- The exposed API keys were discovered by a group called Rabbitude, a community of hackers and developers who have been reverse engineering the Rabbit to explain how it works, find security problems, jailbreak the devices, and add additional features.
- The device's poor design has been the subject of many articles, investigations, and YouTube videos, and this disclosure is seen as the latest in a comedy of errors for the device.