Knowledge

Don't do as they do: Rabbit R1 stored hardcoded API keys in source code on the device

Take action: We don't care whether you like the Rabbit R1 or not. Just be better at managing API keys than hardcoding them in the application. That practice was insecure even back in 2007, when services were isolated in corporate networks, let alone today, when an API key is a bearer credential for a cloud service: anyone who extracts it from the app gets exactly the access you have. Keep third-party keys on your own backend, give each device a credential you can revoke individually, and scan your source and build artifacts for secrets before anything ships.
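As an added example (this is not Rabbit's or Rabbitude's code), the kind of check that should sit in CI or a pre-commit hook so that keys like the ones described below never reach a shipped build: a small secret scanner that flags vendor-specific key formats (the SendGrid "SG.<22>.<43>" and Google "AIza<35>" shapes used by common secret scanners) and, as a generic fallback, high-entropy string literals assigned to names that look like credentials. The entropy thresholds are assumptions chosen for the example, and the sample source it scans is constructed; every key-like value in it is made up.

```python
"""Added example, not Rabbit's or Rabbitude's code: a minimal secret scanner for
CI or a pre-commit hook.

Two detectors run over each source line:
  1. vendor formats: the SendGrid "SG.<22>.<43>" and Google "AIza<35>" key
     shapes used by common secret scanners;
  2. a generic check: a string literal of 16+ characters assigned to a name that
     suggests a credential, reported only if its Shannon entropy is high.
The entropy thresholds (3.0 bits for hex-only values, 4.0 otherwise) are
assumptions chosen for this example. The sample source below is constructed;
none of the key-like values in it is a real credential.
"""
from __future__ import annotations

import math
import re
import sys
from collections import Counter
from dataclasses import dataclass

VENDOR_PATTERNS = {
    "sendgrid": re.compile(r"\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}"),
    "google_api": re.compile(r"\bAIza[0-9A-Za-z_-]{35}"),
}
# <name> = "<value>" or <name>: "<value>"; the value must be at least 16 chars.
ASSIGNMENT = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*[\"'](?P<value>[^\"']{16,})[\"']"
)
CREDENTIAL_NAME = re.compile(r"key|secret|token|passw|credential", re.IGNORECASE)
HEX = re.compile(r"[0-9a-fA-F]+")
HEX_THRESHOLD = 3.0      # assumption: 32 random hex chars score roughly 3.7-4.0
GENERIC_THRESHOLD = 4.0  # assumption: random base64-like values score higher


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    detail: str


def shannon_entropy(s: str) -> float:
    """Bits per character: 0.0 for a constant string, approaching 4.0 for random hex."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Never echo a whole secret into CI logs; keep just enough to locate it."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "****"


def scan_source(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched_vendor = False
        for vendor, pattern in VENDOR_PATTERNS.items():
            m = pattern.search(line)
            if m:
                findings.append(Finding(line_no, f"vendor:{vendor}", redact(m.group(0))))
                matched_vendor = True
        if matched_vendor:
            continue  # a vendor hit is already reported; skip the generic check
        m = ASSIGNMENT.search(line)
        if not m or not CREDENTIAL_NAME.search(m.group("name")):
            continue
        value = m.group("value")
        threshold = HEX_THRESHOLD if HEX.fullmatch(value) else GENERIC_THRESHOLD
        entropy = shannon_entropy(value)
        if entropy >= threshold:
            findings.append(Finding(
                line_no, "high_entropy",
                f"{m.group('name')} = {redact(value)} (H={entropy:.2f} bits)",
            ))
    return findings


# Constructed Java-style source modelled on the pattern the article describes.
FAKE_SENDGRID_KEY = "SG." + "a" * 22 + "." + "b" * 43  # right shape, not a real key
SAMPLE_SOURCE = f"""\
private static final String TTS_API_KEY = "8f1d6e2a9c4b7d3e5a0f1b2c3d4e5f60";
private static final String MAPS_KEY = "AIzaSyA-ExampleExampleExampleExampleEx1";
private static final String MAIL_KEY = "{FAKE_SENDGRID_KEY}";
private static final String APP_NAME = "rabbit-r1-companion-service";
private static final String API_KEY = "REPLACE_ME_AT_BUILD_TIME_PLEASE";
String debugToken = "placeholder";
"""

if __name__ == "__main__":
    results = scan_source(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
    sys.exit(1 if results else 0)  # fail the build when anything is found
```

Run against the sample, the scanner reports the hex key on line 1 through the entropy path and the Google and SendGrid keys on lines 2 and 3 through their formats, while the low-entropy placeholder on line 5 and the non-credential strings are left alone. The generic detector is deliberately gated on the variable name so that ordinary long strings do not drown the report; the trade-off is that a key assigned to an innocuous name is only caught if a vendor pattern knows its shape.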


Learn More

Rabbit's R1 AI device has faced criticism for being little more than an Android app encased in hardware, but recent discoveries by the R1 research group Rabbitude reveal far more serious problems. Rabbitude reports finding multiple hardcoded API keys in Rabbit's codebase, each of which hands full control of a third-party service to anyone who extracts it.

On May 16, 2024, Rabbitude gained access to Rabbit's codebase and found several critical hardcoded API keys. These keys, which were still valid as of June 25, 2024, allow anyone holding them to:

  • Read all responses from every R1 device, including those containing personal information.
  • Brick all R1 devices.
  • Alter responses of all R1 devices.
  • Replace the voices on all R1 devices.

These API keys connect to the following services:

  • ElevenLabs: For text-to-speech generation.
  • Azure: For an old speech-to-text system.
  • Yelp: For review lookups.
  • Google Maps: For location data.

The most significant of these is the ElevenLabs key, which grants full privileges, enabling actions such as:

  • Retrieving the history of all text-to-speech messages.
  • Changing voices on the R1 devices.
  • Adding custom text replacements.
  • Deleting voices, which can crash the RabbitOS backend and render all R1 devices non-functional.

Despite being informed of the issue on May 16, Rabbit did not initially revoke the API keys. On June 26, following public exposure of the flaw, Rabbit issued a statement on its Discord server:

"Today we were made aware of an alleged data breach. Our security team immediately began investigating it. As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details."

Rabbit subsequently revoked the four exposed API keys, though one was revoked improperly, causing a temporary outage of the text-to-speech service. Revoking a key that production still depends on is the classic way to turn a rotation into an outage: issue the replacement, deploy it, and only then revoke the old key. Rabbitude then discovered and disclosed a fifth hardcoded API key, for SendGrid, which Rabbit had not revoked.

The SendGrid API key, still active as of the latest update, provides access to all emails sent from the r1.rabbit.tech subdomain. This includes user information from the R1's spreadsheet features and lets anyone holding the key send email from Rabbit's own addresses. Rabbitude demonstrated the latter by sending sample emails from Rabbit domains to journalists.
