In a recent security update on their website, the security team at Rabbit, Inc. pointed out a Rabbit R1 chat logging issue that they claim has been resolved with a new update. The Rabbit R1’s security flaws have become a major talking point, and recent news about the device has unfortunately painted it in quite a poor light. The latest security vulnerability detected by the Rabbit R1 team revealed that certain logged data remained on the device even after it was unpaired. As a result, anyone who purchased or stole the device and had the technical prowess to jailbreak it could potentially access the data stored on-device.

The Rabbit R1 update released on July 11 addresses the issue, so if you currently have the AI aid resting in your pocket, you might want to ensure its software is up to date.

Image: The Rabbit R1

Rabbit R1 Chat Logging Issue Comes To Light

When the Rabbit R1 was first announced at the Consumer Electronics Show (CES) 2024 in January, there was resounding applause and cheer everywhere you looked. The device began to sell out like a fresh batch of limited edition Stanleys even though the R1 was only open for preorders back then. Even the Humane AI pin haters who didn’t see the purpose of an AI gadget as a “smartphone replacement” favored the R1 and its potential to change the tech game.

Over time, as users began to receive their devices, it became clear that in many ways, the AI pocket companion was an unfinished product. The latest Rabbit R1 issues point to the same conclusion.

According to the company, a security flaw in the Rabbit R1 logged text-to-speech replies and device-pairing data straight onto the device’s local storage. There was no factory reset option that would properly wipe the device for those intending to sell it or give it to someone else, so users could only clear out their accounts. These log files would remain on the handheld gadget. Not everyone would know how to jailbreak the device to access these files, so the Rabbit R1 vulnerability had a lower risk of being misused, but the threat was still there.

The company tried to downplay the danger by using the example of a simple weather log being retained by the device, but it is evident that more sensitive information was likely being logged as well. The company has no evidence that the security vulnerability has been exploited so far.

How Has Rabbit Addressed the R1 Vulnerability?

The security flaw was detected on July 10, and the Rabbit R1 update meant to resolve the issue went out quickly on July 11. With this latest move, data regarding initial pairing can no longer be read from the rabbithole journal, which is the clever name for the cloud hub where all interactions with the gadget are recorded for future use. This pairing data will no longer be logged to the device itself, and the amount of data that does get logged onto the device has also been reduced.

As a final solution to the Rabbit R1 chat logging issue, users can Factory Reset the device through the settings menu. Anyone who wants to resell the device should consider resetting it to ensure they erase all the data from their R1—a device that could have been just an app. A similar issue came to light with Apple’s iOS 17.5 update, where old photos resurfaced on devices even though users were certain they had been deleted. This problem was linked to a corrupt database entry on the iPhone system that held onto some photos that had not been backed up by the cloud. That particular issue has been resolved as well.

“As of the publishing of this post, we have no indication that pairing data has been abused to retrieve rabbithole journal data belonging to a former device owner. However, we believe that our customers deserve transparency in matters related to their data, and as such, are highlighting it as a potential risk that existed in our systems through the dates listed.”

—Rabbit, Inc.

Coming back to the Rabbit R1 security flaw, the company has committed to reviewing its device logging practices in greater detail to ensure there are no other problems that have slipped through the cracks. More controls and checks could be introduced eventually, but for now, these precautions should hold against any jailbreakers who were waiting to exploit any secondhand devices.