
You may want to stop using the Rabbit R1


After it was launched in late April 2024, the Rabbit R1 got a mixed bag of reviews, with many reviewers describing it as an unhelpful gadget or only scarcely more useful than Humane’s AI Pin. Digital Trends’ Joe Maring rated it a single star, writing, “The Rabbit R1 was supposed to be one of the hottest AI gadgets of the year. Instead, it’s a buggy, flawed, and unsuccessful mess in every way imaginable.”

As if launching a product flop wasn’t bad enough, Rabbit is now facing reports of a data breach that may have revealed sensitive user data. Rabbitude, a reverse engineering project for the Rabbit R1, is reporting it was able to gain access to the Rabbit codebase and found several hardcoded API keys in its code.


The list below isn’t exhaustive, but the exposed keys allow anyone to do any of the following:

  • Read every response every R1 has ever given, including ones containing personal information
  • Brick all R1s
  • Alter the responses of all R1s
  • Replace every R1’s voice

The following services also had their API keys exposed:

  • ElevenLabs (for text-to-speech)
  • Azure (for an old speech-to-text system)
  • Yelp (for review lookups)
  • Google Maps (for location lookups)

Rabbitude notes that the API keys for ElevenLabs give full privileges. These include getting a history of all past text-to-speech messages, changing voices, adding custom text replacements, deleting voices, and crashing the rabbitOS backend, essentially bricking all Rabbit R1 devices. Rabbit did, however, revoke the ElevenLabs API key, which also broke Rabbit devices for a period of time.

This is a fairly worrying set of permissions to allow on any device, but it’s extra troubling when it’s for an always-on voice-activated AI gadget loaded with cameras. Rabbitude says it reached out to the Rabbit Team, which is aware of the leaked API keys, but they “have chosen to ignore it,” and the API keys continue to be valid as of this writing.

all rabbit r1 responses could be read by us for the past month and rabbit knew about it and did nothing to fix it. https://t.co/r6NmhZJY5W

— xyzeva (@xyz3va) June 25, 2024

Engadget similarly reached out to the company and received confirmation that Rabbit is aware of the “alleged” data breach as of June 25. “Our security team immediately began investigating it,” the company said. “As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details.”

As far as security failures go, this seems to be a fairly serious one. While the Rabbit R1 is a neat device, it’s also heavily flawed, and the security issues are significant enough that we recommend you stop using it, at least for now. After all, there’s nothing your $199 Rabbit R1 (separate data plan required) can do that your smartphone can’t.

Ajay Kumar
Former Digital Trends Contributor
Ajay has worked in tech journalism for more than a decade as a reporter, analyst, and editor.