时间:2024-09-20 06:14:58 来源:网络整理编辑:探索
"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called R
"All [Rabbit] R1 responses ever given can be downloaded," according to an R1 research group called Rabbitude.
Rabbit and its R1 AI device has already been dunked on for being nothing more than an Android app wrapped up in a hardware gadget, but something much more alarming is afoot.
SEE ALSO:I tested Rabbit R1 vs. Meta AI: The winning AI assistant will surprise youThe report (via The Verge) said Rabbitude gained access to the codebase and discovered API keys were hardwired into its code. That means anyone with these keys could "read every response every r1 has ever given, including ones containing personal information, brick all r1s, alter the responses of all r1s [and] replace every r1’s voice." The investigation discovered that these API keys are what provided access to ElevenLabs and Azure for text-to-speech generation, Yelp for reviews, and Google Maps for location data.
What's worse, Rabbitude said it identified the security flaw on May 16 and that Rabbit was aware of the issue. But "the API keys continue to be valid as of writing," on June 25. Continued access to the API keys means bad actors could potentially access sensitive data, crash the entire rabbitOS system, and add custom text.
The following day (June 26) Rabbit issued a statement on its Discord server saying that the four API keys Rabbitude identified have been revoked. "As of right now, we are not aware of any customer data being leaked or any compromise to our systems," said the company.
But the plot thickens. Rabbitude also found a fifth API key that was hardwired in the code, but not publicly disclosed in its investigation. This one is called sendgrid, which provides access to all emails to the r1.rabbit.tech subdomain. At the time Rabbitude published its follow-up report, the sendgrid API key was still active. Access to this API key meant Rabbitude could access additional user information within the R1's spreadsheet functions and even send emails from rabbit.tech email addresses.
If you were already skeptical of the R1's half-baked capabilities that Mashable Tech Editor Kimberly Gedeon blamed on "rushed innovation, disillusionment, and impetuousness" in her review, this might be your sign that Rabbit is at best, not worth the money, and at worst, incapable of keeping your data private.
TopicsArtificial IntelligencePrivacy
Here's George Takei chilling in zero gravity for the 'Star Trek' anniversary2024-09-20 06:01
官方:韓國國腳李剛仁加盟馬洛卡 簽約至2025年2024-09-20 05:37
名記:巴薩邊衛埃莫森將加盟熱刺 轉會費3000萬歐2024-09-20 05:32
官方:拜仁簽下萊比錫隊長薩比策 雙方簽約至2025年2024-09-20 05:30
Olympics official on Rio's green diving pool: 'Chemistry is not an exact science'2024-09-20 04:39
曝萊斯特和多特有意引進奧多伊 目前藍軍拒絕放人2024-09-20 04:36
曼聯秀弗爵C羅合影 :孩子 告訴全世界這就是你家2024-09-20 04:15
法媒:皇馬代表在巴黎已退出姆巴佩談判 或明夏免簽2024-09-20 03:51
Mom discovers security cameras hacked, kids' bedroom livestreamed2024-09-20 03:40
西乙隊官宣前深足前鋒索薩加盟 雙方簽下1+1合同2024-09-20 03:39
Donald Trump's tangled web of Russian influence2024-09-20 05:31
阿蘭傷情無礙首輪登場 郭田雨王秋明出場機會不大2024-09-20 05:24
曼聯秀弗爵C羅合影:孩子 告訴全世界這就是你家2024-09-20 04:54
國足後勤團隊負責打掃房間 防疫與健康放在第一位2024-09-20 04:42
Xiaomi accused of copying again, this time by Jawbone2024-09-20 04:29
卡塔爾王室成員:姆巴佩留隊 巴黎即將與其談續約2024-09-20 04:27
塞維回應切爾西 :沒替代方案不放孔德 報價逾期2024-09-20 04:10
前熱刺主帥 :凱恩未來赴紅軍紅魔 ? C羅不是障礙2024-09-20 04:09
Hiddleswift finally followed each other on Instagram after 3 excruciating days2024-09-20 04:05
張稀哲 :這是我們衝擊世界杯的最好機會 相比上一屆更有信心2024-09-20 04:03