Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

You may want to stop using the Rabbit R1

Add as a preferred source on Google
Someone holding the Rabbit R1 outside.
Joe Maring / Digital Trends

After it was launched in late April 2024, the Rabbit R1 got a mixed bag of reviews, with many reviewers describing it as an unhelpful gadget or only scarcely more useful than Humane’s AI Pin. Digital Trends’ Joe Maring rated it a single star, writing, “The Rabbit R1 was supposed to be one of the hottest AI gadgets of the year. Instead, it’s a buggy, flawed, and unsuccessful mess in every way imaginable.”

As if launching a product flop wasn’t bad enough, Rabbit is now facing reports of a data breach that may have revealed sensitive user data. Rabbitude, a reverse engineering project for the Rabbit R1, is reporting it was able to gain access to the Rabbit codebase and found several hardcoded API keys in its codes.

Recommended Videos

The below isn’t an exhaustive list, but it allows anyone to do any of the following:

  • Read every response every R1 has ever given, including ones containing personal information
  • Brick all R1s
  • Alter the responses of all R1s
  • Replace every R1’s voice

The following services also had their API keys exposed:

  • ElevenLabs (for text-to-speech)
  • Azure (for an old speech-to-text system)
  • Yelp (for review lookups)
  • Google Maps (for location lookups)
The Settings page on the Rabbit R1.
Joe Maring / Digital Trends

Rabbitude notes that the API keys for Elevenlabs give full privileges. These include getting a history of all past text-to-speech messages, changing voices, adding custom text replacements, deleting voices, and crashing the rabbitOS backend, essentially bricking all Rabbit R1 devices. Rabbit did, however, revoke the Elevenlabs API key, which also broke Rabbit devices for a period of time.

This is a fairly worrying set of permissions to allow on any device, but it’s extra troubling when it’s for an always-on voice-activated AI gadget loaded with cameras. Rabbitude says it reached out to the Rabbit Team, which is aware of the leaked API keys, but they “have chosen to ignore it,” and the API keys continue to be valid as of this writing.

all rabbit r1 responses could be read by us for the past month and rabbit knew about it and did nothing to fix it.https://t.co/r6NmhZJY5W

— xyzeva (@xyz3va) June 25, 2024

Endgadget similarly reached out to the company and received confirmation that Rabbit is aware of the “alleged” data breach as of June 25. “Our security team immediately began investigating it,” the company said. “As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details.”

As far as security failures go, this seems to be a fairly serious one. While the Rabbit R1 is a neat device, it’s also heavily flawed, and the security issues are sufficient enough that we recommend that you stop using it, at least for now. After all, there’s nothing your $199 Rabbit R1 (separate data plan required) can do that your smartphone can’t.

Ajay Kumar
Former Freelance Writer, Mobile
Ajay has worked in tech journalism for more than a decade as a reporter, analyst, and editor.
Galaxy Z Fold 8 Ultra: Everything we know about Samsung’s next flagship foldable
Though it will feature improvements across the board, the memory crisis might not spare Samsung’s Fold 8 Ultra.
Electronics, Speaker, White Board

The Samsung Galaxy Z Fold 8 Ultra is not the phone that reimagines what a foldable looks like. As that job falls to its sibling, the wider-screen Galaxy Z Fold 8, the Ultra could come as the direct successor to the Galaxy Z Fold 7, with the same tall, narrow design and the same book-style proportions, for the same audience. 

If you've used a Samsung Galaxy Z Fold in the past and think that the shape is perfect for you, the Fold 8 Ultra could be just the right phone for you. It has a redesigned inner display, a substantially larger battery, faster charging, and the new Flex Titanium technology designed to minimize the crease that has troubled Samsung's foldables for years. 

Read more
Your OnePlus phone is switching to ColorOS, whether you like it or not
OnePlus has confirmed that OxygenOS is being phased out, and eligible devices will get the option to update to ColorOS 17 once it becomes available.
Person holding OnePlus 15.

OnePlus has confirmed that OxygenOS, the Android skin that helped define the brand for more than a decade, is being retired in favor of ColorOS. The confirmation came buried in the community forum post announcing its exit from North America and Europe.

ColorOS replaces OxygenOS worldwide

Read more
Personal Intelligence in Search now connects to Google Calendar
Google Search AI can now read your Calendar and add events automatically
Google Calendar

Google is taking another step toward making Search feel less like a search engine and more like a personal assistant. The company has announced that AI Mode's Personal Intelligence can now connect directly to Google Calendar, allowing it not only to reference your schedule but also to create calendar events on your behalf.

Until now, Personal Intelligence mainly pulled information from apps like Gmail and Google Photos to provide more relevant responses. Calendar changes the equation because it becomes the first connected Google app that doesn't just provide context. It can actively act. The feature is rolling out now to users in the United States, with a wider international rollout planned later.

Read more