Root vulnerability threatens AI gadget Rabbit R1
Attackers can completely compromise the AI gadget Rabbit R1 via the Android exploit Kamakiri. There is currently no security patch.
(Image: Rabbit)
Due to a security vulnerability in the system-on-a-chip (SoC) of the AI helper Rabbit R1, attackers can attack devices under certain conditions and, for example, place them on the second-hand market compromised with backdoors.
Security researchers from Cybernews warn against this in an article. They took a closer look at the device with an Android operating system and discovered a root vulnerability in MediaTek's SoC from 2019. Even though there are already security updates for other devices, the Rabbit R1 is still vulnerable.
According to the researchers, Rabbit is currently evaluating with its production partner how to solve the security problem. The researchers state that the Rabbit R1 is running Android 13 with the patch level of May 5, 2023.
The AI gadget is intended to help in everyday life by answering any questions like ChatGPT & Co. and analyzing photos taken with the integrated camera.
Basis for attacks
Attacks are only possible if attackers have physical access to the AI gadget. If this is the case, attackers can target the vulnerability in the MediaTek SoC MZ6765V and install a manipulated firmware, for example. Among other things, they can infect the kernel with malicious code and leak users' personal data via a backdoor.
(Image: Cybernews)
The basis for an attack is the Android exploit Kamakiri. This can be used to jailbreak Android devices. In the case of the Rabbit R1, the researchers discovered that they were able to establish a USB connection and execute the exploit when the device was switched off.
They claim to have manipulated the firmware in this way and installed it after switching off Android Verified Boot. After successful attacks, attackers can also gain root rights and completely compromise devices.
The researchers state that the device does display a warning when starting a modified firmware. However, they assume that attackers can suppress this with comparatively little effort.
Caution when buying second-hand
At the end of their report, the researchers warn that attackers can circulate compromised versions of the AI helper on the second-hand market. Although it has recently become possible to reset the device to its factory settings, it is unclear whether this also renders malicious functions harmless. Security problems were already making headlines at the launch of the Rabbit R1.
(des)
