The electronic assistant with artificial intelligence Rabbit R1 saved correspondence with users on the device without the ability to delete it, confessed gadget manufacturer. The error was fixed with the release of a software update, which received a new function “Factory Reset” in the settings to delete all data from the device. Previously, you could unlink your account from the device, but this did not delete user data.
Along with the new ability to completely delete all user data, the software update eliminated another questionable feature of Rabbit R1: previously connected to the gadget external devices with permission to add data to the Rabbithole log could also read it. That is, a stolen or hacked Rabbit R1 revealed all requests, photos and other user data to a potential attacker.
With the update, the devices lost access to reading the log, and the volume of the log stored on the device was reduced. According to the company, “there is no evidence that the data during connection was used to read the Rabbithole log data belonging to the previous owner.” Rabbit assessed the risk of such abuse as insignificant.
In June, hard-coded API keys for third-party services were found in the device’s code, giving a potential attacker access to any response the device gave to the user. Rabbit said the employee responsible for the error had been identified, fired, and is currently under investigation. The company promised to improve its security practices to prevent similar errors in the future, and is currently conducting a detailed review of its device log practices to ensure they meet standards “set in other areas.”
If you notice an error, select it with your mouse and press CTRL+ENTER.