Rabbit R1 AI Device Found Vulnerable to Five-Year-Old MediaTek Exploit

Security researchers have uncovered a significant vulnerability in the Rabbit R1, a new AI-powered handheld device, stemming from a five-year-old exploit targeting its MediaTek chip. The discovery, highlighted by Cybernews, indicates that physical access to the device could allow attackers to gain root access and modify its firmware. A tweet from "The Rabbit Hole" account, featuring a microbe emoji and a link, alluded to this critical security concern.

The vulnerability, known as the "Kamakiri exploit," dates back to January 2019 and affects various MediaTek Systems on Chip (SoCs), including the MT6765V used in the Rabbit R1. This exploit enables an individual with physical control of the device to bypass security checks, access and edit storage contents, and install manipulated firmware. Such access could lead to the injection of malicious code into the device's kernel or system processes.

The implications for users are substantial, particularly for those considering second-hand devices. Researchers warn that compromised R1 units could be sold with pre-installed backdoors, allowing for surveillance, data logging, or even the remote control of the device's microphone and camera. Earlier findings by researcher David Buchanan also revealed excessive logging of user data, including GPS locations and audio transcripts, though Rabbit Inc. has reportedly addressed some of these logging issues in recent updates.

Rabbit Inc. has acknowledged the ongoing security investigations and stated they are working with their manufacturing partner to address the potential risks. The company has also increased its focus on hardware security and recently rolled out software updates that include a factory reset option and reduced data logging. However, Rabbit cautions users against tampering with or jailbreaking the R1, as this disconnects them from the secure ecosystem and voids support.

This hardware-level vulnerability is distinct from other reported security concerns, such as the initial claims by a group called 'Rabbitude' regarding hardcoded API keys that could expose sensitive user data. While Rabbit Inc. has taken steps to rotate those keys and improve software security, the underlying Kamakiri exploit remains a persistent challenge because the flaw it targets sits deep within the device's core chip. Consumers are advised to exercise caution, especially when purchasing Rabbit R1 devices from unofficial channels.