Together with the brand new capacity to totally delete native consumer information, the software program replace additionally addresses one other eyebrow-raising habits of the R1. Previous to the replace, saved pairing information that lets the R1 {hardware} add issues to the Rabbithole journal additionally had permission to learn the journal as nicely. Meaning a stolen and hacked R1 might doubtlessly have handed over customers’ saved requests, images, and extra.
With the replace, R1’s pairing information can not learn the journal and is not logged to the machine, and Rabbit has decreased the quantity of log information saved on the machine. The corporate says there’s “no indication that pairing information has been abused to retrieve rabbithole journal information belonging to a former machine proprietor.”
Rabbit’s safety bulletin paints the difficulty as a comparatively inconsequential danger with its instance {that a} stolen and jailbroken R1 might divulge to a foul actor the final climate log requested by the unique proprietor. Final month safety researchers stated they found API keys hardcoded within the firm’s codebase. Since that report got here out, Rabbit says it has traced the leak to an worker, writing that “The worker has been terminated and stays beneath investigation.”
The corporate guarantees to enhance safety practices and “stop comparable points sooner or later,” saying it’s performing a full overview of machine logging practices to make sure it aligns with its requirements “set in different areas.”
Correction, July twelfth: An earlier model of this text stated the API keys have been leaked by jailbreaking; nonetheless, in an replace revealed on July fifth, Rabbit stated they have been leaked by an worker.
