RabbitR1 in Trouble Again: Security Vulnerability and User Data Leakage

TapTechNews, June 27th: the RabbitR1 is once again at the center of public controversy. After its app was criticized for being an Android shell and its flagship Large Action Model (LAM) for relying on the OpenAI interface, its API has now been exposed as having a security vulnerability, with a risk of user data leakage.


The RabbitR1 was unveiled at this year's CES. It is positioned as a pocket AI device. The product has a 2.88-inch touchscreen, a rotatable camera and an interactive scroll wheel, and runs an operating system developed in-house by Rabbit.

The biggest highlight of this device is the built-in 'Large Action Model (LAM)', which can be called a 'universal application controller'. Without the need for a mobile phone, it can integrate multiple functions such as playing music, shopping, and sending messages, and users can even train it to operate specific applications.

As a personal assistant, the RabbitR1 inevitably handles users' sensitive personal information, and the latest research by the Rabbitude team shows that there is a security vulnerability in its API, resulting in user data leakage.


TapTechNews Note: Rabbitude is a community project that reverse-engineers devices and their software. The team periodically publishes its research results, and the latest one is worrying.

These APIs can also control key options of the mobile phone. According to the report, modified API calls can be used to change the device's responses or change its sound.

The Rabbitude team described the vulnerability as a 'critical hard-coded API key' that can access Yelp reviews and Google Maps to meet location-related needs.

The team claims that the RabbitR1 team is aware of this problem but has not taken any measures to solve it.
