The team behind Rabbitude, the community-formed reverse engineering project for the Rabbit R1, has revealed a security issue with the company’s code. A group of developers and researchers says it has discovered API keys hardcoded in the company’s codebase, potentially putting sensitive information at risk.
The api keys are in place the following services:
- ElevenLabs (for text-to-speech)
- Azure (for an old speech-to-text system)
- Yelp (for review lookups)
- Google Maps (for location lookups)
Considering the implications of this find is Jason Kent’s, Hacker In Residence at Cequence Security. Kent explains the importance to Digital Journal.
Kent begins by placing the incident in context: “I remember many years ago it was figured out that Sony had installed a private key in the code on one of the PS models. That key was now in the hands of everyone, and it made it possible for someone to make a bad game, say one that would brick the system, and code sign it.”
In terms of the consequence of this, Kent observes: “This meant that the trust in that key was a forever kind of trust, one you couldn’t suddenly revoke.”
Connecting this to the specific cybersecurity incident, Kwent indicates: “The same thing is happening with API keys, apparently. The Rabbit R1, the task LAM (Large Action Model), which is supposed to be what our smartphones were supposed to be, seems to have left their API keys exposed.”
As to what this means, Kent explains: “This little device allows you to push a button and speak commands, questions, translation requests, etc… as well as point its camera at something and have it do a variety of tasks. This all requires a call to an AI that is in the cloud and the responses are all sent to the device.”
This allows someone with access considerable scope. Kent details: “The exposed API keys are for the AI services it calls as well as some administrative interfaces. This means you can dump all of the responses that have ever been sent to a specific device, you can email from their internal emails as well as various other tasks.”
As to what to do, Kent advises: “If you have an R1, your prompt responses are now available to all and you could be getting system emails that a nefarious entity is sending. In addition to vigilance around the use of the R1, keep in mind this kind of thing leads to further discovery, and your RabbitHole account might be the next compromise.”
Even with this in place, Kent remains cautious of the robustness of the recommended measures: “Rabbit says they reset the API keys but the researchers working on this say they can still send emails so it may not be in a safe state just yet.”
