The Rabbit R1 has been logging users’ chats — with no way to wipe them

Share via:


Along with the new ability to fully delete local user data, the software update also addresses another eyebrow-raising behavior of the R1. Prior to the update, stored pairing data that lets the R1 hardware add things to the Rabbithole journal also had permission to read the journal as well. That means a stolen and hacked R1 could potentially have handed over users’ saved requests, photos, and more.

With the update, R1’s pairing data can no longer read the journal and is no longer logged to the device, and Rabbit has reduced the amount of log data stored on the device. The company says there’s “no indication that pairing data has been abused to retrieve rabbithole journal data belonging to a former device owner.”

Rabbit’s security bulletin paints the issue as a relatively inconsequential risk with its example that a stolen and jailbroken R1 could reveal to a bad actor the last weather log asked by the original owner. Security researchers last month found that a jailbreak of the device could also hand out hardcoded API keys. The company promises to improve security practices and “prevent similar issues in the future,” saying it’s performing a full review of device logging practices to ensure it aligns with its standards “set in other areas.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

The Rabbit R1 has been logging users’ chats — with no way to wipe them


Along with the new ability to fully delete local user data, the software update also addresses another eyebrow-raising behavior of the R1. Prior to the update, stored pairing data that lets the R1 hardware add things to the Rabbithole journal also had permission to read the journal as well. That means a stolen and hacked R1 could potentially have handed over users’ saved requests, photos, and more.

With the update, R1’s pairing data can no longer read the journal and is no longer logged to the device, and Rabbit has reduced the amount of log data stored on the device. The company says there’s “no indication that pairing data has been abused to retrieve rabbithole journal data belonging to a former device owner.”

Rabbit’s security bulletin paints the issue as a relatively inconsequential risk with its example that a stolen and jailbroken R1 could reveal to a bad actor the last weather log asked by the original owner. Security researchers last month found that a jailbreak of the device could also hand out hardcoded API keys. The company promises to improve security practices and “prevent similar issues in the future,” saying it’s performing a full review of device logging practices to ensure it aligns with its standards “set in other areas.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Meta’s mixed-reality attempt at a Wii Sports knockoff is...

Images: Meta / NintendoLike Nintendo’s simplistic motion...

Hashdex again amends S-1 for Nasdaq Crypto Index US...

Another amended filing signals continued progress toward bringing...

MagicMiles helps you create travel itineraries using AI

Traveling is one of my favorite activities, but...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!