Time: 2024-09-20 08:51:30 Source: Compiled from the web Editor: Focus
"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.
Rabbit and its R1 AI device have already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.
The report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.
What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.
The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.
But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.
If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is, at best, not worth the money and, at worst, incapable of keeping your data private.