{"id":13549,"date":"2025-05-08T10:55:49","date_gmt":"2025-05-08T17:55:49","guid":{"rendered":"https:\/\/mattfife.com\/?p=13549"},"modified":"2025-05-08T17:00:03","modified_gmt":"2025-05-09T00:00:03","slug":"rabbit-r1-used-hard-coded-authentication-keys","status":"publish","type":"post","link":"https:\/\/mattfife.com\/?p=13549","title":{"rendered":"Rabbit R1 used hard-coded authentication keys"},"content":{"rendered":"\n<p>Another lesson on why proper security architecture is critical in product design.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"480\" data-attachment-id=\"14013\" data-permalink=\"https:\/\/mattfife.com\/?attachment_id=14013\" data-orig-file=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?fit=2400%2C1800&amp;ssl=1\" data-orig-size=\"2400,1800\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"gear-r1_USB-C_SIM\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?fit=640%2C480&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=640%2C480&#038;ssl=1\" alt=\"\" class=\"wp-image-14013\" style=\"width:631px;height:auto\" srcset=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=1024%2C768&amp;ssl=1 1024w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=300%2C225&amp;ssl=1 300w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=768%2C576&amp;ssl=1 768w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=1536%2C1152&amp;ssl=1 1536w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=2048%2C1536&amp;ssl=1 2048w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?resize=360%2C270&amp;ssl=1 360w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/05\/gear-r1_USB-C_SIM.webp?w=1920&amp;ssl=1 1920w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<\/div>\n\n\n<p><a href=\"https:\/\/www.engadget.com\/rabbit-r1-security-issue-allegedly-leaves-sensitive-user-data-accessible-to-anybody-120024215.html\" data-type=\"link\" data-id=\"https:\/\/www.engadget.com\/rabbit-r1-security-issue-allegedly-leaves-sensitive-user-data-accessible-to-anybody-120024215.html\">Researchers found that Teenage Engineering&#8217;s Rabbit R1 used hardcoded API keys<\/a>, which once known, allow anybody to read every single response the R1 AI device has ever given, including those containing the users&#8217; personal information.<\/p>\n\n\n\n<p>Links:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/rabbitu.de\/articles\/security-disclosure-1\">https:\/\/rabbitu.de\/articles\/security-disclosure-1<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/x.com\/xyz3va\/status\/1805684840269828605\">https:\/\/x.com\/xyz3va\/status\/1805684840269828605<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Another lesson on why proper security architecture is critical in product design. Researchers found that Teenage Engineering&#8217;s Rabbit R1 used hardcoded API keys, which once known, allow anybody to read every single response the R1 AI device has ever given, including those containing the users&#8217; personal information. Links:<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[9],"tags":[],"class_list":["post-13549","post","type-post","status-publish","format-standard","hentry","category-cool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4WECr-3wx","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13549"}],"version-history":[{"count":2,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13549\/revisions"}],"predecessor-version":[{"id":14014,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13549\/revisions\/14014"}],"wp:attachment":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}