Since launching the r1 in April this year, Rabbit has hoped the device would be one on which artificial intelligence (AI) could handle tasks all day long, without the need for a phone.
Now, Rabbit has revealed that the r1 records users’ chats on the device with no way to erase them. As a result, if an r1 was lost, stolen, or sold, the chat logs could be seen by others. Users were not informed that their conversations with the device were being recorded.
In a security advisory explaining the issue, the company said on July 10 that it was “aware of and immediately addressed the potential risks associated with lost, stolen or second-hand R1 devices.”
Rabbit also revealed that pairing data stored on the device could be used to write data to rabbitjournal to trigger actions like “order an Uber” or “play music”, as well as read data from rabbitjournal. This issue meant that, in the wrong hands, an r1 could be used to see log files containing saved requests, photos, and more.
Rabbit has taken several steps in response. First, a factory reset option is now available in the settings menu, allowing users to wipe all data from the r1. Second, less data is stored on the device. Finally, pairing data can no longer be read by Rabbithole; it can only trigger actions.
The company said it has “no indication that the pairing data was exploited to obtain rabbit hole journal data of previous device owners,” and that it was disclosing the vulnerability in the name of transparency while conducting a “complete review of how we log devices.”
If you have an r1, no action is required: software updates that fix these issues will be automatically downloaded and installed.