Still, it doesn't seem like their efforts will put an end to the ongoing cybersecurity SNAFU.
Rabbit first denied an issue but has since changed its API keys.
Rabbit immediately revoked and rotated those API keys and moved additional secrets into AWS Secrets Manager.
The Rabbit R1 has been put through the wringer, but it doesn’t seem like its latest efforts will soften critics' complaints. Photo: Kyle Barr / Gizmodo
Still, the company has continued to claim the hacking effort took place in June.
Rabbitude still maintains it had access to the codebase and API keys going back into May.
Rabbit initially denied there was an issue with the codebase and API keys.
Rabbit later changed all API keys to block access.
The issues just kept piling on long after Rabbitude published its findings.
Last month, the gear maker shared even more troubling security issues with the Rabbit R1.
This meant users' responses could be accessed via a jailbreak after selling off their devices.
Rabbit is now limiting the amount of data that gets stored on-gadget.
Rabbit hired cybersecurity firm Obscurity Labs to conduct a penetration test of Rabbit's backend and the R1 gear itself.
In an email to Gizmodo, Rabbit again claimed that none of these exploits exposed the company's source code.
Critics aren't feeling very mollified.
The report pointedly does not pentest how Rabbit stores users' session tokens.
As far as Rabbitude is concerned, members say that the report doesn't truly address their concerns.
"I wouldn't even call it a pentest," Eva said.