Pocket AI device Rabbit R1 is caught in a negative vortex: API vulnerability exposed, which can expose user information

Rabbit R1 It has once again been caught in a whirlpool of public opinion. After the App was criticized for being an Android shell, its main large action model LAM relied on the OpenAI interface. Its API was also exposed to have security vulnerabilities and there was a risk of leaking user data.

Pocket AI device Rabbit R1 is caught in a negative vortex: API vulnerability exposed, which can expose user information

Rabbit R1 was unveiled at this year's CES. It is positioned as a pocket AI device. This product has a 2.88-inch touch screen, a rotatable camera and an interactive scroll wheel, and is equipped with Rabbit's self-developed operating system.

The biggest highlight of this device is its built-in "Large Action Model (LAM)", which can be called a "universal application controller". It can integrate multiple functions such as playing music, shopping, and sending messages without using a mobile phone, and it can even be trained to learn to operate specific applications.

As a personal assistant for users, Rabbit R1 inevitably involves sensitive personal information of users. However, the latest research by the Rabbitude team shows that its API has security vulnerabilities, leading to the leakage of user data.

Rabbitude is a community project that reverse engineers devices and their software. The team publishes its findings from time to time, and the latest one is worrying.

These APIs can also control key options of the phone, and the report says that by modifying the API calls, it can be used to change the device's reactions or change its sounds.

The Rabbitude team described the vulnerability as a "critical hardcoded API key" that could access Yelp reviews and Google Maps for location-related needs.

The team claims that the Rabbit R1 team was aware of the issue but did nothing to address it.

statement:The content is collected from various media platforms such as public websites. If the included content infringes on your rights, please contact us by email and we will deal with it as soon as possible.
Information

OpenAI reaches a cooperation agreement with Time: ChatGPT can be trained with its magazine content

2024-6-28 9:18:15

Information

Anhui Humanoid Robot Industry Innovation Center approved, to create a first-of-its-kind domestic and world-leading research base

2024-6-28 9:20:14

Search