Sign up for the Newsletter!
Home Gadgets Be careful if you are going to sell or buy a second-hand Rabbit r1...

Be careful if you are going to sell or buy a second-hand Rabbit r1

0

Rabbit releases a statement explaining the steps to follow if you are going to sell or buy the second-hand Rabbit r1

Sign up for the Newsletter!

Security flaws continue to haunt the Rabbit r1, and after the announcement of Rabbitude in which They talked about the danger of linking accounts The team has discovered a new problem that has put us on alert.

This issue is about the possibility that your device has been stolen, lost, or even are you going to buy or sell the second-hand Rabbit r1. We have to know how to act so that third-party accounts cannot be accessed.

The official Rabbit announcement:

Hello everyone.

Yesterday we both realized and immediately resolved a potential risk related to lost, stolen, or second-hand r1 devices before factory reset capabilities were provided.

You can read more about this here, including how the potential risk worked and the changes we've made to resolve the issue. To be clear, at the time of publishing this post, we have no indication that anyone has abused this situation.

We are simply highlighting this because we believe our customers deserve complete transparency. If you intend to sell your r1, be sure to use the factory reset option in the settings menu to ensure that all data is completely erased from the device.

thank you! 🙏

As you can see, they remind us of the need —especially if you are going to sell your second-hand Rabbit r1— to restore factory settings. It is something that seems obvious, but until the time of publication it had yet to be implemented.

Fortunately they refer us to a blog on the website itself. Rabbit.tech in which they give us a series of instructions to factory reset the Rabbit r1.

Instructions to factory reset the Rabbit r1

According to the security entry of July 11, 2024, they explain the following situation to us. To begin with, until then there was no option to factory reset the Rabbit r1, which was at least something necessary from the beginning.

On the other hand, the danger that a person who was not the original owner would buy the Rabbit r1 second-hand. They also talk about loss or theft of gadget, and they all These scenarios would lead to a critical security breach.

In any of these cases, the new owner could end up doing jailbreak or unlock the device giving you access to the original user's private accounts, with all that this entails. What a danger…

An example of how it worked until now:

  • I received my r1 and started using it on June 1st.
    • The pairing data was recorded on my device.
    • This pairing data is used to write data to my Rabbithole journal and trigger actions like “play music” or “order food.”
    • This pairing data could be used to read data from my Rabbithole journal.
  • I asked my r1: “How is the weather in San Francisco?”
    • The response, “It's 74 degrees and sunny in San Francisco,” registered on my device.
  • I sold my r1 to someone else on June 3rd.
  • This person could potentially jailbreak the r1 and recover the log files containing “It's 74 degrees and sunny in San Francisco” and the pairing data.

As of July 11, we have made the following changes:

  • Pairing data can no longer be used to read from Rabbithole. They can only activate actions.
  • Pairing data is no longer recorded on the device.
  • We have reduced the amount of log data that is stored on the device.
  • The Factory Reset option is now available through the settings menu. Customers should use this option to delete ALL data from their R1 before transferring ownership.

Rabbit's containment measures on this case

As mentioned in the entry, The security team is not aware of any users abusing this issue.. According to what they say, regardless of this, they have thought it convenient for us users to know.

Furthermore, as the entry shows, A review of the thousands of interactions is being done to locate cases of misuse of this vulnerability, although at the moment there is no more news than those already mentioned.

So remember. If it has been stolen, you are going to sell the Rabbit r1 second-hand, you have lost it or it has been stolen, make sure to do a factory reset to avoid bigger problems.

NO COMMENTS

LEAVE AN RESPONSE

Please enter your comment!
Please enter your name here

Exit mobile version