The Rabbit R1, an AI-powered gadget hailed as a “revolutionary” AI companion, faces yet another round of criticism. Despite its initial promise, users and experts alike have found the device lacking in both utility and transparency. A recent investigation by David Buchanan uncovers significant security issues and violations of open-source software licenses, further tarnishing the R1’s reputation.
Launched amid much fanfare, the Rabbit R1 has quickly become a lightning rod for criticism. Reviewers and early adopters alike have lambasted the device for its limited functionality and hefty price tag. Initially priced at $200, the device is now being sold on secondary markets for as little as $1, reflecting widespread disappointment among consumers.
According to Buchanan’s detailed report, the R1 is nothing more than a standard Android device running a heavily obfuscated app. He describes it as “just an app running in a kiosk-like mode on Android 13 AOSP.” This revelation has fueled accusations that Rabbit Inc. is misleading its customers by presenting the R1 as a more sophisticated piece of hardware than it actually is.
Jailbreaking the Rabbit R1
Driven by curiosity and a personal challenge against Rabbit’s obfuscation efforts, David Buchanan purchased an R1 to reverse-engineer its software. His efforts culminated in creating a “tethered jailbreak,” enabling users to gain root access to the device without unlocking the bootloader or making permanent changes to the internal storage.
“I love a good game of cat and mouse… the game was on. What secrets are they trying to hide from me?” Buchanan explains. His detailed examination of the R1’s boot process revealed significant security flaws in the device, which runs on a MediaTek MT6765 SoC. This particular chip is notorious for its vulnerabilities, having been cited in over 300 CVEs, which makes it an easy target for exploitation.
Buchanan developed a payload, aptly named “Carroot,” to facilitate this jailbreak. He has uploaded a video demo on YouTube, and there’s a website for those who want to hack their own R1 device.
The payload exploits the MT6765’s known bootrom vulnerabilities, initiating the jailbreak process by subverting the initial boot stages. Here’s a breakdown of how “Carroot” works:
- Loading a Custom Boot Image: The payload begins by loading a custom Android boot image into DRAM, containing a modified kernel and initramfs (initial RAM filesystem).
- Hooking into Preloader: It installs a hook in the final part of the Preloader, just before it jumps to the Little Kernel (LK) stage. This ensures the integrity verification process is completed before any modifications are made.
- Executing Custom Hooks in LK: As the boot process continues, these hooks substitute the custom boot image at the last moment, ensuring all integrity verification checks pass. One hook even displays a custom message on the screen, adding a touch of flair.
The custom boot image, built using tools from the Magisk project, includes a rootkit service that grants privileged user-space access. This service allowed him to inspect the RabbitOS app at runtime, providing deep insights into the device’s internals while maintaining the appearance of a secure boot process.
Security and Privacy Concerns
One of Buchanan’s most alarming findings is the excessive logging of user data. He discovered that the R1 logs precise GPS locations, WiFi network names, cell tower IDs, and even the user’s internet-facing IP address. Additionally, the device stores base64-encoded MP3s of all interactions between the user and the AI assistant. …whaaat?
“These logs include a disturbing amount of personal information, there’s simply no need to be logging this much data in this much detail,” Buchanan notes.
This volume of logging seems excessive for an app that lets users perform tasks like ordering groceries or sending messages via voice commands, mimicking the functionality of existing apps. It’s either a terrible oversight, or there is something else happening that Rabbit R1 has not fully disclosed to its users.
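The data classes Buchanan found in the logs (GPS fixes, WiFi network names, cell tower IDs, the public IP address, and base64-encoded MP3 audio) are exactly the kinds of values a privacy review of an app's log output should flag. The scanner below is an added example written for this article, not code from Buchanan's report or from Rabbit Inc.; the log format, the field names such as lat=, ssid= and cid=, and the sample lines are all constructed assumptions, and the detector only recognises MP3 audio by its ID3 tag header or MPEG frame sync bytes.

```python
"""Flag personal data in app log output: GPS fixes, WiFi SSIDs, cell tower IDs,
public IPv4 addresses and base64-encoded MP3 audio.  Added example; the log
format and field names are assumptions, not the RabbitOS app's real format."""
import base64
import binascii
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log lines (made up for this example, not captured from a
# device).  The audio field is base64 of a 15-byte buffer starting with "ID3".
FAKE_MP3_B64 = base64.b64encode(b"ID3" + bytes(12)).decode()  # 15 bytes -> 20 chars
SAMPLE_LOG = f"""\
2024-06-01 10:00:01 I/RabbitOS: location fix lat=37.422047 lon=-122.084095 acc=5.0
2024-06-01 10:00:02 D/RabbitOS: wifi ssid="HomeNetwork-5G" bssid=aa:bb:cc:dd:ee:ff
2024-06-01 10:00:03 D/RabbitOS: cell mcc=310 mnc=260 lac=1234 cid=56789012
2024-06-01 10:00:04 I/RabbitOS: public ip=203.0.113.42 local ip=192.168.1.20
2024-06-01 10:00:05 V/RabbitOS: utterance audio={FAKE_MP3_B64}
2024-06-01 10:00:06 I/RabbitOS: heartbeat ok
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    category: str
    snippet: str


# Private, loopback and link-local ranges.  Any other IPv4 address is treated
# as the device's internet-facing address and therefore as personal data.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

GPS_RE = re.compile(
    r"\blat(?:itude)?=(-?\d{1,3}\.\d{3,})\b.*?\blon(?:g|gitude)?=(-?\d{1,3}\.\d{3,})\b")
SSID_RE = re.compile(r'\bssid="([^"]+)"|\bssid=(\S+)')
CELL_RE = re.compile(r"\bcid=(\d+)")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def looks_like_mp3(blob: bytes) -> bool:
    """True for an ID3v2 tag header or an MPEG audio frame sync (11 set bits)."""
    if blob[:3] == b"ID3":
        return True
    return len(blob) >= 2 and blob[0] == 0xFF and (blob[1] & 0xE0) == 0xE0


def is_public_ipv4(text: str) -> bool:
    """True when the dotted quad parses and lies outside the NON_PUBLIC ranges."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(addr in net for net in NON_PUBLIC)


def scan_line(line_no: int, line: str) -> list:
    """Run every detector over one log line and collect the findings."""
    found = []
    if m := GPS_RE.search(line):
        found.append(Finding(line_no, "gps", f"{m.group(1)},{m.group(2)}"))
    if m := SSID_RE.search(line):
        found.append(Finding(line_no, "wifi_ssid", m.group(1) or m.group(2)))
    if m := CELL_RE.search(line):
        found.append(Finding(line_no, "cell_id", m.group(1)))
    for m in IPV4_RE.finditer(line):
        if is_public_ipv4(m.group(1)):
            found.append(Finding(line_no, "public_ip", m.group(1)))
    for m in B64_RE.finditer(line):
        # Only long base64 runs that decode cleanly and carry MP3 magic count.
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue
        if looks_like_mp3(raw):
            found.append(Finding(line_no, "audio_mp3", m.group(0)[:16] + "..."))
    return found


def scan_log(text: str) -> list:
    """Scan a whole log, returning findings in line order."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        findings.extend(scan_line(n, line))
    return findings


def summarize(findings) -> dict:
    """Count findings per category, e.g. {"gps": 1, "wifi_ssid": 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.category}: {f.snippet}")
    print(summarize(scan_log(SAMPLE_LOG)))
```

Run against the constructed sample, the scanner reports one finding for each of the five data classes and nothing for the heartbeat line. Private addresses such as 192.168.1.20 are deliberately ignored, since only the internet-facing address identifies the user's network to a remote party; the base64 check decodes strictly and tests for MP3 magic bytes so that ordinary tokens or hashes are not reported as audio.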
GPL Violations
Buchanan’s investigation also reveals that Rabbit violates the GPL (GNU General Public License) under which the Linux kernel is distributed. The GPL requires that the source code of any modifications to the kernel be made available to those who receive the binary, a stipulation that Rabbit has ignored. Buchanan highlights that the drivers for the device’s hardware, including the scroll wheel and camera rotation motor, are closed-source and statically linked into the GPL’d kernel image.
“These violations are hugely destructive to the free software ecosystem, from which companies like Rabbit Inc. benefit,” Buchanan asserts. He and others in the community have called for Rabbit to comply with the GPL and release their modified source code.
Rabbit has yet to respond to Buchanan’s findings. However, following public criticism, it recently pushed an update to reduce logging and introduce a factory reset option. While this move is a step in the right direction, it does not address the deeper security issues and GPL compliance concerns raised by Buchanan.
The Rabbit R1’s journey from CES darling to industry pariah serves as a cautionary tale for tech startups. The device’s flawed execution and the company’s opaque practices have turned what could have been an innovative product into a case study of how not to handle technology development and customer trust.
At the time of publishing, Rabbit R1 has yet to respond.