On 10 July 2024, we became aware of and immediately resolved a potential risk involving lost, stolen, or second-hand r1 devices before Factory Reset capabilities were provided.
At launch, r1 devices logged text-to-speech replies and device-pairing data directly to the r1 device storage. If a customer sold their device after using it, or if a device was lost or stolen, the new owner could potentially jailbreak the device and gain access to those log files.
Example:
I received my r1 and started using it on 1 June.
- The pairing data was logged to my device.
- This pairing data is used to write data to my rabbithole journal and trigger actions like “play music” or “order food”.
- This pairing data could be used to read data from my rabbithole journal.
I asked my r1, “What is the weather in San Francisco?”
- The response, “It’s 74 degrees and sunny in San Francisco,” was logged to my device.
I sold my r1 to another person on 3 June.
- This person could potentially perform a “jailbreak” of the r1 and retrieve the log files containing “It’s 74 degrees and sunny in San Francisco” and pairing data.
As of 11 July, we’ve made the following changes:
- Pairing data can no longer be used to read from rabbithole. It can only trigger actions.
- Pairing data is no longer logged to the device.
- We have reduced the amount of log data that gets stored on the device.
- The Factory Reset option is now available via the settings menu. Customers should use this option to erase ALL data from their r1 prior to transferring ownership.
As of the publishing of this post, we have no indication that pairing data has been abused to retrieve rabbithole journal data belonging to a former device owner. However, we believe that our customers deserve transparency in matters related to their data, and as such, are highlighting it as a potential risk that existed in our systems through the dates listed.
In light of this potential risk, and to prevent similar issues in the future, our team is performing a full review of device logging practices to ensure that they align with the standards we’ve set in other areas. Additional technical controls will be designed and implemented based on that review. The trust our customers place in us is our most valuable resource, and we intend to do everything in our power to maintain that trust.