Three months after its release, the Rabbit R1 already has security flaws

The Californian start-up Rabbit created a small sensation last January in Las Vegas, at the Consumer Electronics Show (CES). It presented its small R1 box, equipped with an operating system designed around a natural language interface. The size of a stack of Post-its and ultra-light (115 grams), this small device was presented by its developers as offering an “intuitive app-free experience thanks to the power of artificial intelligence”. No more need to download and use applications: Rabbit OS takes care of that.

Reading and editing answers, replacing voices…

Priced at $200, the device sold over 10,000 units in just a few days. Rabbit sent out its first batch of R1 pre-orders in late March, with shipments expected in late April. But security vulnerabilities are already emerging: on May 16, a team of researchers and developers called Rabbitude gained access to the device’s code base and found several critical API keys hard-coded in it.

This is a major flaw, because whoever holds these API keys can read every response given by the R1, including those containing personal data, modify the responses of all devices, or even replace their voices. In its report published on June 25, Rabbitude specifies that the keys belong to four services: ElevenLabs for its text-to-speech technology, Azure for its earlier text-to-speech system, Yelp for searching reviews and Google Maps for searching places.

The ElevenLabs key provides access to administrator privileges

At the end of March, Rabbit had announced its partnership with the New York start-up ElevenLabs. The goal was to build AI audio tools, with voices provided by ElevenLabs answering the voice commands given by users. The problem: the ElevenLabs API key grants full privileges to anyone who has it. It would then be possible for anyone to obtain the history of all text-to-speech messages, to change voices, to replace spoken text with other text that has the same pronunciation, and even to delete voices, which would put the operating system out of service.

The group of researchers and developers says that most of the keys have since been revoked, but not all of them: in a June 26 post, Rabbitude revealed a fifth hard-coded API key that was still active, for SendGrid. This key gives access to the complete history of emails sent by the R1’s spreadsheet editing feature, including user data, and it also allows emails to be sent from “rabbit.tech” addresses.
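The common thread in the four keys from the June 25 report and the fifth SendGrid key is the same: secrets committed into source code. The check a practitioner would want is a scanner that runs before code is pushed and flags string literals that look like credentials. The following is an added example written for this article; it is not Rabbitude’s tooling and not Rabbit’s code. It assumes two widely documented key prefixes (“SG.” for SendGrid, “AIza” for Google API keys), treats everything else with a generic rule (a secret-looking variable name assigned a long, high-entropy string), and skips obvious placeholders. The sample source it scans is constructed, with fake values; the header name “xi-api-key” for ElevenLabs is an assumption.

```python
"""Hard-coded API key scanner.

Added example, not code from the article, Rabbitude or Rabbit. Two checks:
  1. known key prefixes ("SG." for SendGrid, "AIza" for Google API keys;
     assumption: illustrative, not an exhaustive list);
  2. a generic rule: an identifier containing key/secret/token/password
     assigned a string literal of 16+ characters with high Shannon entropy.
Placeholders such as "${VAR}" or "<fill me>" are skipped to limit noise.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

KNOWN_PREFIXES = {
    # SendGrid keys are "SG.<id>.<secret>"; Google API keys start with "AIza".
    "sendgrid": re.compile(r"SG\.[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}"),
    "google": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
}

# Secret-looking name (bare or quoted, as in a dict/JSON) assigned a literal.
ASSIGNMENT = re.compile(
    r"""(?i)\b([a-z0-9_-]*(?:key|secret|token|password|passwd)[a-z0-9_-]*)"""
    r"""['"]?\s*[=:]\s*['"]([^'"]{16,})['"]"""
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    name: str
    literal: str


def shannon_entropy(s: str) -> float:
    """Bits per character; random API keys typically score above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(literal: str) -> bool:
    """Templated or obviously-fake values that should not be flagged."""
    return "${" in literal or literal.startswith("<") or "..." in literal


def scan(source: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per suspected hard-coded credential in `source`."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in KNOWN_PREFIXES.items():
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, f"known_prefix:{kind}", "", m.group(0)))
        for m in ASSIGNMENT.finditer(line):
            name, literal = m.group(1), m.group(2)
            if is_placeholder(literal):
                continue
            if any(p.search(literal) for p in KNOWN_PREFIXES.values()):
                continue  # already reported by the prefix rule above
            if shannon_entropy(literal) >= entropy_threshold:
                findings.append(Finding(line_no, "high_entropy", name, literal))
    return findings


def redact(literal: str) -> str:
    """Never echo a full secret into CI logs: keep a short prefix only."""
    return literal[:4] + "..." + f"({len(literal)} chars)"


# Constructed sample source; every value below is fake.
SAMPLE_SOURCE = """\
import os
headers = {"xi-api-key": "3f9a1c7e2b8d4e6f0a1b2c3d4e5f6a7b"}  # constructed, ElevenLabs-style header
AZURE_SPEECH_KEY = os.environ["AZURE_SPEECH_KEY"]              # read from env: not flagged
sendgrid_key = "SG.abcdefghijklmnopqrst.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcd"
maps_key = "AIzaSyD-constructed_placeholder_key_000"
DEBUG_TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxx"                         # low entropy: not flagged
DB_PASSWORD = "${DATABASE_PASSWORD}"                            # templated placeholder: not flagged
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind} {f.name or ''} {redact(f.literal)}")
```

Run as a pre-commit hook or CI step, a non-empty result should fail the build; the entropy threshold is the knob to tune against the false positives a real repository produces, and the prefix table is where provider-specific formats are added. Finding the keys is only half of the response the article describes: any key that ever reached a repository has to be rotated, not just deleted from the next commit.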

No customer data stolen yet, says Rabbit

The start-up, for its part, stated on its website that it had taken an inventory of all the “secrets” currently in use, and that it had begun to remove them. “We review audit logs from our SaaS platforms to check for any theft of customer data,” explains the Los Angeles-based company. “At the time of publishing this update [June 28 at 3 a.m.], we have not seen any compromise to our critical systems or the security of customer data.”
