Going Down a Rabbit Hole to Jailbreak the R1

We've talked before about the serious security flaws found with the Rabbit R1, and whether the failure of it and the Humane AI Pin is enough to kill off the entire category of AI devices before they even get started. But if you have already bought a Rabbit R1, and just don't know what to do with it, there is now a solution. You can jailbreak it!

After reverse engineering a copy of the APK that he found on the Internet — because it turns out that Rabbit OS is just an Android application — security researcher David Buchanan (aka Retr0id) wrote up his findings.

Almost nothing happens on the Rabbit R1 locally, like a lot of IoT devices all the smarts live in the cloud and everything is done over on the server side. TinyML, and machine learning models running at the edge, was starting to change that but it seems that the arrival of LLMs have might have started the pendulum back in the opposite direction — despite the first signs that we're seeing of emerging Small AI.

I don't think this really surprised anyone. However, I think what happened when Buchanan next looked at the R1 hardware well might.

While the hardware has already been hacked to run a generic Android distribution — reflashing the hardware isn't difficult as the device is permissively configured — Buchanan wasn't much interested in doing that. Instead he wanted a closer look at the factory-installed firmware.

Which is where the choice of the MediaTek MT6765 SoC for the R1 hardware is interesting, as it is vulnerable to the Kamakiri exploit dating from back in 2019. It leaves the Rabbit R1 open to what is called "jailbreaking".

Popularised by the community that grew up around the iPhone, who have been fighting a running battle against Apple from before you were officially allowed to develop applications for the phone, a jailbreak typically permits root access within the operating system and provides the ability to install software unavailable via more official means.

Disappearing down the rabbit hole Buchanan successfully managed to jailbreak the R1, authoring a tethered USB jailbreak over WebSerial. In the spirit of terrible rabbit-themed puns, he named the jailbreak "carroot".

Buchanan is still poking around inside the the now exposed operating system. But his initial findings were somewhat concerning. Rabbit appeared to be logging almost everything. Logs include; precise GPS locations, Wi-Fi network names, and IDs of nearby cell towers. All of which started me having flashbacks to the original mobile privacy scandal, "locationgate."

However, the R1 was also logging other things, like a Base64-encoded MP3s of everything the Rabbit has ever spoken to you, alongside a text transcript of the same.

These excessive logs seems to have been addressed proactively by Rabbit in a recent security update to RabbitOS. But Buchanan has also found other problems, including potential GPL violations.

"Of particular note are their drivers for hall-effect scroll wheel sensing, and camera rotation stepper motor control, which are closed-source and yet statically linked into the GPL'd kernel image. Violations like this are hugely destructive to the free software ecosystem, from which companies like Rabbit Inc. benefit."

If you own a Rabbit R1, and want to take a look behind the curtain yourself, Buchanan has put up a web page that can jailbreak a physically-connected R1 device, and unlike Apple, Rabbit isn't going to be iterating things to break the jailbreak.

Rabbit can't fix the bootrom vulnerability, so the R1 will remain vulnerable to the "carroot" jailbreak. So if you're planning on selling, or throwing away, your R1 device you should make sure factory reset it first using the newly added settings option.